diff options
Diffstat (limited to 'config/snort-dev')
23 files changed, 11082 insertions, 11035 deletions
diff --git a/config/snort-dev/css/sexybuttons.css b/config/snort-dev/css/sexybuttons.css index c3834b44..db36a287 100644 --- a/config/snort-dev/css/sexybuttons.css +++ b/config/snort-dev/css/sexybuttons.css @@ -1,342 +1,342 @@ -/* - * Sexy Buttons - * - * DESCRIPTION: - * Sexy, skinnable HTML/CSS buttons with icons. - * - * PROJECT URL: - * http://code.google.com/p/sexybuttons/ - * - * AUTHOR: - * Richard Davies - * http://www.richarddavies.us - * Richard@richarddavies.us - * - * VERSION: - * 1.1 - * - * LICENSE: - * Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0) - * Creative Commons 3.0 Attribution (http://creativecommons.org/licenses/by/3.0/) - * - * CREDITS: - * Inspired by, derived from, and thanks to: - * http://www.p51labs.com/simply-buttons-v2/ - * http://www.oscaralexander.com/tutorials/how-to-make-sexy-buttons-with-css.html - * http://www.zurb.com/article/266/super-awesome-buttons-with-css3-and-rgba - * http://www.elctech.com/snippets/make-your-buttons-look-super-awesome - * - * USAGE: - * Simply add class="sexybutton [skin]" to a <button> or <a> element and wrap the label text with double <span>s. - * You can optionally add a "silk" icon to the button text by using a third <span> with class to identify the icon. - * - * EXAMPLE: - * <button id="btn1" class="sexybutton" name="btn1" type="submit" value="Submit"> - * <span><span><span class="ok">Submit</span></span></span> - * </button> - */ - - -/* - * Generic styles for all Sexy Buttons - */ - -.sexybutton { - display: inline-block; - margin: 0; - padding: 0; - font: bold 13px "Helvetica Neue", Helvetica, Arial !important; - text-decoration: none !important; - text-shadow: 1px 1px 2px rgba(0,0,0,0.20); - background: none; - border: none; - white-space: nowrap; - cursor: pointer; - user-select: none; - -moz-user-select: none; - - /* Fix extra width padding in IE */ - _width: 0; - overflow: visible; -} - -.sexybutton span { - display: block; /* Prevents :active from working in IE--oh well! */ - height: 24px; - padding-right: 12px; - background-repeat: no-repeat; - background-position: right top; -} - -.sexybutton span span { - padding-right: 0; - padding-left: 12px; - line-height: 24px; - background-position: left top; -} - -.sexybutton span span span { - padding-left: 21px; - background-image: none; - background-repeat: no-repeat; - background-position: left center; - /* IE6 still requires a PNG transparency fix */ - /* _background-image: none; Or just hide icons from the undeserving IE6 */ - /* _padding-left: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton span span span.after { - padding-left: 0px; - padding-right: 21px; - background-position: right center; - /* IE6 still requires a PNG transparency fix */ - /* _padding-right: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton[disabled], -.sexybutton[disabled]:hover, -.sexybutton[disabled]:focus, -.sexybutton[disabled]:active, -.sexybutton.disabled, -.sexybutton.disabled:hover, -.sexybutton.disabled:focus, -.sexybutton.disabled:active { - color: #333 !important; - cursor: inherit; - text-shadow: none; - opacity: 0.33; -} - -.sexybutton:hover span, -.sexybutton:focus span { - background-position: 100% -24px; -} - -.sexybutton:hover span span, -.sexybutton:focus span span { - background-position: 0% -24px; -} - -.sexybutton:active span { - background-position: 100% -48px; -} - -.sexybutton:active span span { - background-position: 0% -48px; -} - -.sexybutton[disabled] span, -.sexybutton.disabled span { - background-position: 100% -72px; -} - -.sexybutton[disabled] span span, -.sexybutton.disabled span span { - background-position: 0% -72px; -} - -.sexybutton:hover span span span, -.sexybutton:focus span span span, -.sexybutton:active span span span, -.sexybutton[disabled] span span span, -.sexybutton.disabled span span span { - background-position: left center; -} - -.sexybutton:hover span span span.after, -.sexybutton:focus span span span.after, -.sexybutton:active span span span.after, -.sexybutton[disabled] span span span.after, -.sexybutton.disabled span span span.after { - background-position: right center; -} - -.sexybutton img { - margin-right: 5px; - vertical-align: text-top; - /* IE6 Hack */ - _margin-top: 4px; - _vertical-align: text-bottom; - /* IE6 still requires a PNG transparency fix */ - /* _display: none; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton img.after { - margin-right: 0; - margin-left: 5px; - /* IE6 still requires a PNG transparency fix */ - /* _margin-left: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton.sexysmalls { font-size:.8em !important; } -.sexybutton.sexymedium { font-size: 15px !important; } -.sexybutton.sexylarge { font-size: 18px !important; } - - -/* - * Button Skins - * - * .PNG background images with alpha transparency are also supplied if you'd rather use them instead of the - * default .GIF images. (Just beware of IE6's lack of support.) - * - * Additional skins can be added below. The images/skins/ButtonTemplate.psd can be used to create new skins. - * Prefix the skin name with "sexy" to avoid any potential conflicts with other class names. - */ - -/* - * Simple Skin Buttons - */ - -.sexybutton.sexysimple { - position: relative; - padding: 5px 10px 5px; - font: inherit; - font-size: .85em !important; - font-style: normal !important; - font-weight: bold !important; - color: #fff !important; - line-height: 1; - background-image: url(/snort/images//awesome-overlay-sprite.png); - background-repeat: repeat-x; - background-position: 0 0; - - /* Special effects */ - text-shadow: 0 -1px 1px rgba(0,0,0,0.25), -2px 0 1px rgba(0,0,0,0.25); - border-radius: 5px; - -moz-border-radius: 5px; - -webkit-border-radius: 5px; - -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5); - -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5); - - /* IE only stuff */ - border-bottom: 1px solid transparent\9; - _background-image: none; - - /* Cross browser inline block hack - http://blog.mozilla.com/webdev/2009/02/20/cross-browser-inline-block/ */ - display: -moz-inline-stack; - display: inline-block; - vertical-align: middle; - *display: inline !important; - position: relative; - - /* Force hasLayout in IE */ - zoom: 1; - - /* Disable text selection (Firefox only)*/ - -moz-user-select: none; -} - -.sexybutton.sexysimple::selection { - background: transparent; -} - -.sexybutton.sexysimple:hover, -.sexybutton.sexysimple:focus { - background-position: 0 -50px; - color: #fff !important; -} - -.sexybutton.sexysimple:active { - background-position: 0 -100px; - -moz-box-shadow: inset 0 1px 2px rgba(0,0,0,0.7); - /* Unfortunately, Safari doesn't support inset yet */ - -webkit-box-shadow: none; - - /* IE only stuff */ - border-bottom: 0\9; - border-top: 1px solid #666\9; -} - -.sexybutton.sexysimple[disabled], -.sexybutton.sexysimple.disabled { - background-position: 0 -150px; - color: #333 !important; - text-shadow: none; -} - -.sexybutton.sexysimple[disabled]:hover, -.sexybutton.sexysimple[disabled]:focus, -.sexybutton.sexysimple[disabled]:active, -.sexybutton.sexysimple.disabled:hover, -.sexybutton.sexysimple.disabled:focus, -.sexybutton.sexysimple.disabled:active { - -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5); - -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5); -} - -.sexybutton.sexysimple span { - height: auto; - padding-left: 24px; - padding-right: 0; - background-position: left center; - background-repeat: no-repeat; - /* IE6 still requires a PNG transparency fix */ - /* _padding-left: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton.sexysimple span.after { - padding-left: 0; - padding-right: 24px; - background-position: right center; - /* IE6 still requires a PNG transparency fix */ - /* _padding-right: 0; Or just hide icons from the undeserving IE6 */ -} - -/* Simple button colors */ -.sexybutton.sexysimple { background-color: #333; } /* Default */ -.sexybutton.sexysimple.sexyblack { background-color: #333; } -.sexybutton.sexysimple.sexyred { background-color: #a90118; } -.sexybutton.sexysimple.sexyorange { background-color: #ff8a00; } -.sexybutton.sexysimple.sexyyellow { background-color: #ffb515; } -.sexybutton.sexysimple.sexygreen { background-color: #59a901; } -.sexybutton.sexysimple.sexyblue { background-color: #015ea9; } -.sexybutton.sexysimple.sexyteal { background-color: #2daebf; } -.sexybutton.sexysimple.sexymagenta { background-color: #a9014b; } -.sexybutton.sexysimple.sexypurple { background-color: #9d01a9; } - -/* Simple button sizes */ -.sexybutton.sexysimple.sexysmall { padding: 4px 7px 5px; font-size: 10px !important; } -.sexybutton.sexysimple.sexysmall:active { padding: 5px 7px 4px; } -.sexybutton.sexysimple { /* default */ } -.sexybutton.sexysimple:active { padding: 6px 10px 4px; } -.sexybutton.sexysimple.sexymedium { /* default */ } -.sexybutton.sexysimple.sexymedium:active { padding: 6px 10px 4px; } -.sexybutton.sexysimple.sexylarge { padding: 8px 14px 8px; font-size: 14px !important; } -.sexybutton.sexysimple.sexylarge:active { padding: 9px 14px 7px; } -.sexybutton.sexysimple.sexyxl { padding: 8px 14px 8px; font-size: 16px !important; } -.sexybutton.sexysimple.sexyxl:active { padding: 9px 14px 7px; } -.sexybutton.sexysimple.sexyxxl { padding: 8px 14px 8px; font-size: 20px !important; } -.sexybutton.sexysimple.sexyxxl:active { padding: 9px 14px 7px; } -.sexybutton.sexysimple.sexyxxxl { padding: 8px 14px 8px; font-size: 26px !important; } -.sexybutton.sexysimple.sexyxxxl:active { padding: 9px 14px 7px; } - -.sexybutton.sexysimple.sexysmall[disabled]:active, -.sexybutton.sexysimple.sexysmall.disabled:active { padding: 4px 7px 5px; } -.sexybutton.sexysimple[disabled]:active, -.sexybutton.sexysimple.disabled:active { padding: 5px 10px 5px; } -.sexybutton.sexysimple.sexymedium[disabled]:active, -.sexybutton.sexysimple.sexymedium.disabled:active { padding: 6px 10px 4px; } -.sexybutton.sexysimple.sexylarge[disabled]:active, -.sexybutton.sexysimple.sexylarge.disabled:active { padding: 8px 14px 8px; } -.sexybutton.sexysimple.sexyxl[disabled]:active, -.sexybutton.sexysimple.sexyxl.disabled:active { padding: 8px 14px 8px; } -.sexybutton.sexysimple.sexyxxl[disabled]:active, -.sexybutton.sexysimple.sexyxxl.disabled:active { padding: 8px 14px 8px; } -.sexybutton.sexysimple.sexyxxxl[disabled]:active, -.sexybutton.sexysimple.sexyxxxl.disabled:active { padding: 8px 14px 8px; } - - -/* - * Icon Definitions - */ - -/* Silk Icons - http://www.famfamfam.com/lab/icons/silk/ */ -/* (Obviously not all Silk icons are defined here. Feel free to define any other icons that you may need.) */ - -.sexybutton span.ok { background-image: url(/snort/images//tick.png) !important; } -.sexybutton span.cancel { background-image: url(/snort/images//cross.png) !important; } -.sexybutton span.add { background-image: url(/snort/images//add.png) !important; } -.sexybutton span.delete { background-image: url(/snort/images//delete.png) !important; } -.sexybutton span.download { background-image: url(/snort/images//arrow_down.png) !important; } -.sexybutton span.pwhitetxt { background-image: url(/snort/images//page_white_text.png) !important; } - +/*
+ * Sexy Buttons
+ *
+ * DESCRIPTION:
+ * Sexy, skinnable HTML/CSS buttons with icons.
+ *
+ * PROJECT URL:
+ * http://code.google.com/p/sexybuttons/
+ *
+ * AUTHOR:
+ * Richard Davies
+ * http://www.richarddavies.us
+ * Richard@richarddavies.us
+ *
+ * VERSION:
+ * 1.1
+ *
+ * LICENSE:
+ * Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * Creative Commons 3.0 Attribution (http://creativecommons.org/licenses/by/3.0/)
+ *
+ * CREDITS:
+ * Inspired by, derived from, and thanks to:
+ * http://www.p51labs.com/simply-buttons-v2/
+ * http://www.oscaralexander.com/tutorials/how-to-make-sexy-buttons-with-css.html
+ * http://www.zurb.com/article/266/super-awesome-buttons-with-css3-and-rgba
+ * http://www.elctech.com/snippets/make-your-buttons-look-super-awesome
+ *
+ * USAGE:
+ * Simply add class="sexybutton [skin]" to a <button> or <a> element and wrap the label text with double <span>s.
+ * You can optionally add a "silk" icon to the button text by using a third <span> with class to identify the icon.
+ *
+ * EXAMPLE:
+ * <button id="btn1" class="sexybutton" name="btn1" type="submit" value="Submit">
+ * <span><span><span class="ok">Submit</span></span></span>
+ * </button>
+ */
+
+
+/*
+ * Generic styles for all Sexy Buttons
+ */
+
+.sexybutton {
+ display: inline-block;
+ margin: 0;
+ padding: 0;
+ font: bold 13px "Helvetica Neue", Helvetica, Arial !important;
+ text-decoration: none !important;
+ text-shadow: 1px 1px 2px rgba(0,0,0,0.20);
+ background: none;
+ border: none;
+ white-space: nowrap;
+ cursor: pointer;
+ user-select: none;
+ -moz-user-select: none;
+
+ /* Fix extra width padding in IE */
+ _width: 0;
+ overflow: visible;
+}
+
+.sexybutton span {
+ display: block; /* Prevents :active from working in IE--oh well! */
+ height: 24px;
+ padding-right: 12px;
+ background-repeat: no-repeat;
+ background-position: right top;
+}
+
+.sexybutton span span {
+ padding-right: 0;
+ padding-left: 12px;
+ line-height: 24px;
+ background-position: left top;
+}
+
+.sexybutton span span span {
+ padding-left: 21px;
+ background-image: none;
+ background-repeat: no-repeat;
+ background-position: left center;
+ /* IE6 still requires a PNG transparency fix */
+ /* _background-image: none; Or just hide icons from the undeserving IE6 */
+ /* _padding-left: 0; Or just hide icons from the undeserving IE6 */
+}
+
+.sexybutton span span span.after {
+ padding-left: 0px;
+ padding-right: 21px;
+ background-position: right center;
+ /* IE6 still requires a PNG transparency fix */
+ /* _padding-right: 0; Or just hide icons from the undeserving IE6 */
+}
+
+.sexybutton[disabled],
+.sexybutton[disabled]:hover,
+.sexybutton[disabled]:focus,
+.sexybutton[disabled]:active,
+.sexybutton.disabled,
+.sexybutton.disabled:hover,
+.sexybutton.disabled:focus,
+.sexybutton.disabled:active {
+ color: #333 !important;
+ cursor: inherit;
+ text-shadow: none;
+ opacity: 0.33;
+}
+
+.sexybutton:hover span,
+.sexybutton:focus span {
+ background-position: 100% -24px;
+}
+
+.sexybutton:hover span span,
+.sexybutton:focus span span {
+ background-position: 0% -24px;
+}
+
+.sexybutton:active span {
+ background-position: 100% -48px;
+}
+
+.sexybutton:active span span {
+ background-position: 0% -48px;
+}
+
+.sexybutton[disabled] span,
+.sexybutton.disabled span {
+ background-position: 100% -72px;
+}
+
+.sexybutton[disabled] span span,
+.sexybutton.disabled span span {
+ background-position: 0% -72px;
+}
+
+.sexybutton:hover span span span,
+.sexybutton:focus span span span,
+.sexybutton:active span span span,
+.sexybutton[disabled] span span span,
+.sexybutton.disabled span span span {
+ background-position: left center;
+}
+
+.sexybutton:hover span span span.after,
+.sexybutton:focus span span span.after,
+.sexybutton:active span span span.after,
+.sexybutton[disabled] span span span.after,
+.sexybutton.disabled span span span.after {
+ background-position: right center;
+}
+
+.sexybutton img {
+ margin-right: 5px;
+ vertical-align: text-top;
+ /* IE6 Hack */
+ _margin-top: 4px;
+ _vertical-align: text-bottom;
+ /* IE6 still requires a PNG transparency fix */
+ /* _display: none; Or just hide icons from the undeserving IE6 */
+}
+
+.sexybutton img.after {
+ margin-right: 0;
+ margin-left: 5px;
+ /* IE6 still requires a PNG transparency fix */
+ /* _margin-left: 0; Or just hide icons from the undeserving IE6 */
+}
+
+.sexybutton.sexysmalls { font-size:.8em !important; }
+.sexybutton.sexymedium { font-size: 15px !important; }
+.sexybutton.sexylarge { font-size: 18px !important; }
+
+
+/*
+ * Button Skins
+ *
+ * .PNG background images with alpha transparency are also supplied if you'd rather use them instead of the
+ * default .GIF images. (Just beware of IE6's lack of support.)
+ *
+ * Additional skins can be added below. The images/skins/ButtonTemplate.psd can be used to create new skins.
+ * Prefix the skin name with "sexy" to avoid any potential conflicts with other class names.
+ */
+
+/*
+ * Simple Skin Buttons
+ */
+
+.sexybutton.sexysimple {
+ position: relative;
+ padding: 5px 10px 5px;
+ font: inherit;
+ font-size: .85em !important;
+ font-style: normal !important;
+ font-weight: bold !important;
+ color: #fff !important;
+ line-height: 1;
+ background-image: url(/snort/images//awesome-overlay-sprite.png);
+ background-repeat: repeat-x;
+ background-position: 0 0;
+
+ /* Special effects */
+ text-shadow: 0 -1px 1px rgba(0,0,0,0.25), -2px 0 1px rgba(0,0,0,0.25);
+ border-radius: 5px;
+ -moz-border-radius: 5px;
+ -webkit-border-radius: 5px;
+ -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
+ -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
+
+ /* IE only stuff */
+ border-bottom: 1px solid transparent\9;
+ _background-image: none;
+
+ /* Cross browser inline block hack - http://blog.mozilla.com/webdev/2009/02/20/cross-browser-inline-block/ */
+ display: -moz-inline-stack;
+ display: inline-block;
+ vertical-align: middle;
+ *display: inline !important;
+ position: relative;
+
+ /* Force hasLayout in IE */
+ zoom: 1;
+
+ /* Disable text selection (Firefox only)*/
+ -moz-user-select: none;
+}
+
+.sexybutton.sexysimple::selection {
+ background: transparent;
+}
+
+.sexybutton.sexysimple:hover,
+.sexybutton.sexysimple:focus {
+ background-position: 0 -50px;
+ color: #fff !important;
+}
+
+.sexybutton.sexysimple:active {
+ background-position: 0 -100px;
+ -moz-box-shadow: inset 0 1px 2px rgba(0,0,0,0.7);
+ /* Unfortunately, Safari doesn't support inset yet */
+ -webkit-box-shadow: none;
+
+ /* IE only stuff */
+ border-bottom: 0\9;
+ border-top: 1px solid #666\9;
+}
+
+.sexybutton.sexysimple[disabled],
+.sexybutton.sexysimple.disabled {
+ background-position: 0 -150px;
+ color: #333 !important;
+ text-shadow: none;
+}
+
+.sexybutton.sexysimple[disabled]:hover,
+.sexybutton.sexysimple[disabled]:focus,
+.sexybutton.sexysimple[disabled]:active,
+.sexybutton.sexysimple.disabled:hover,
+.sexybutton.sexysimple.disabled:focus,
+.sexybutton.sexysimple.disabled:active {
+ -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
+ -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
+}
+
+.sexybutton.sexysimple span {
+ height: auto;
+ padding-left: 24px;
+ padding-right: 0;
+ background-position: left center;
+ background-repeat: no-repeat;
+ /* IE6 still requires a PNG transparency fix */
+ /* _padding-left: 0; Or just hide icons from the undeserving IE6 */
+}
+
+.sexybutton.sexysimple span.after {
+ padding-left: 0;
+ padding-right: 24px;
+ background-position: right center;
+ /* IE6 still requires a PNG transparency fix */
+ /* _padding-right: 0; Or just hide icons from the undeserving IE6 */
+}
+
+/* Simple button colors */
+.sexybutton.sexysimple { background-color: #333; } /* Default */
+.sexybutton.sexysimple.sexyblack { background-color: #333; }
+.sexybutton.sexysimple.sexyred { background-color: #a90118; }
+.sexybutton.sexysimple.sexyorange { background-color: #ff8a00; }
+.sexybutton.sexysimple.sexyyellow { background-color: #ffb515; }
+.sexybutton.sexysimple.sexygreen { background-color: #59a901; }
+.sexybutton.sexysimple.sexyblue { background-color: #015ea9; }
+.sexybutton.sexysimple.sexyteal { background-color: #2daebf; }
+.sexybutton.sexysimple.sexymagenta { background-color: #a9014b; }
+.sexybutton.sexysimple.sexypurple { background-color: #9d01a9; }
+
+/* Simple button sizes */
+.sexybutton.sexysimple.sexysmall { padding: 4px 7px 5px; font-size: 10px !important; }
+.sexybutton.sexysimple.sexysmall:active { padding: 5px 7px 4px; }
+.sexybutton.sexysimple { /* default */ }
+.sexybutton.sexysimple:active { padding: 6px 10px 4px; }
+.sexybutton.sexysimple.sexymedium { /* default */ }
+.sexybutton.sexysimple.sexymedium:active { padding: 6px 10px 4px; }
+.sexybutton.sexysimple.sexylarge { padding: 8px 14px 8px; font-size: 14px !important; }
+.sexybutton.sexysimple.sexylarge:active { padding: 9px 14px 7px; }
+.sexybutton.sexysimple.sexyxl { padding: 8px 14px 8px; font-size: 16px !important; }
+.sexybutton.sexysimple.sexyxl:active { padding: 9px 14px 7px; }
+.sexybutton.sexysimple.sexyxxl { padding: 8px 14px 8px; font-size: 20px !important; }
+.sexybutton.sexysimple.sexyxxl:active { padding: 9px 14px 7px; }
+.sexybutton.sexysimple.sexyxxxl { padding: 8px 14px 8px; font-size: 26px !important; }
+.sexybutton.sexysimple.sexyxxxl:active { padding: 9px 14px 7px; }
+
+.sexybutton.sexysimple.sexysmall[disabled]:active,
+.sexybutton.sexysimple.sexysmall.disabled:active { padding: 4px 7px 5px; }
+.sexybutton.sexysimple[disabled]:active,
+.sexybutton.sexysimple.disabled:active { padding: 5px 10px 5px; }
+.sexybutton.sexysimple.sexymedium[disabled]:active,
+.sexybutton.sexysimple.sexymedium.disabled:active { padding: 6px 10px 4px; }
+.sexybutton.sexysimple.sexylarge[disabled]:active,
+.sexybutton.sexysimple.sexylarge.disabled:active { padding: 8px 14px 8px; }
+.sexybutton.sexysimple.sexyxl[disabled]:active,
+.sexybutton.sexysimple.sexyxl.disabled:active { padding: 8px 14px 8px; }
+.sexybutton.sexysimple.sexyxxl[disabled]:active,
+.sexybutton.sexysimple.sexyxxl.disabled:active { padding: 8px 14px 8px; }
+.sexybutton.sexysimple.sexyxxxl[disabled]:active,
+.sexybutton.sexysimple.sexyxxxl.disabled:active { padding: 8px 14px 8px; }
+
+
+/*
+ * Icon Definitions
+ */
+
+/* Silk Icons - http://www.famfamfam.com/lab/icons/silk/ */
+/* (Obviously not all Silk icons are defined here. Feel free to define any other icons that you may need.) */
+
+.sexybutton span.ok { background-image: url(/snort/images//tick.png) !important; }
+.sexybutton span.cancel { background-image: url(/snort/images//cross.png) !important; }
+.sexybutton span.add { background-image: url(/snort/images//add.png) !important; }
+.sexybutton span.delete { background-image: url(/snort/images//delete.png) !important; }
+.sexybutton span.download { background-image: url(/snort/images//arrow_down.png) !important; }
+.sexybutton span.pwhitetxt { background-image: url(/snort/images//page_white_text.png) !important; }
+
diff --git a/config/snort-dev/css/style.css b/config/snort-dev/css/style.css index b484966c..7fca38f3 100644 --- a/config/snort-dev/css/style.css +++ b/config/snort-dev/css/style.css @@ -1,206 +1,206 @@ -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; -} - -.formpre { -font-family:arial; -font-size: 1.1em; -} - -#download_rules { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center -} - -#download_rules_td { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center -} - -/* hack fix the hard coded fbegin link */ -#header-left2 { -position: absolute; -background-position: center center; -height: 67px; -width: 147px; -top: -77px; -left: 8px; -float: left; -z-index:999; -} -#header-left2 #status-link2 { - position: relative; - top: 3px; - left: 2px; -} -/* end of fbegin hack */ - -.body2 { -font-family:arial; -font-size:12px; -} - - - - -/* Start of main css Pfsense */ -/* Start of main css Pfsense */ - -@charset "utf-8"; -.textstyle { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - font-style: normal; - background-color: #666; - color: #CCC; -} -.textstyle p2 a { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - font-style: normal; - color: #CCC; -} - -.textstyle p { - font-family: Arial, Helvetica, sans-serif; - font-size: 24px; - font-weight: bold; - color: #FFF; - text-decoration: underline; -} -.textstyle p2 { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - color: #CCC; -} - -/* Start of main css for table sort */ -/* Start of main css for table sort */ - -table { - margin: 0; - padding: 0; - border: 0; - font-weight: inherit; - font-style: inherit; - font-size: 9; - font-family: Arial, Helvetica, sans-serif; - vertical-align: baseline; -} - -/* Tables still need 'cellspacing="0"' in the markup. */ -table { border-collapse: separate; border-spacing: 0; } -caption, th, td { text-align: left; font-weight:400; } - -/* Remove possible quote marks (") from <q>, <blockquote>. */ -blockquote:before, blockquote:after, q:before, q:after { content: ""; } -blockquote, q { quotes: "" ""; } - -#container { - width: auto; - margin: 0px; - padding-top: 10px; - padding-bottom: 10px; -} - - - -/************************************************************** - - Sortable Table - v 1.4 - -**************************************************************/ - - - -th { - background-color: #eee; - background: #eee url(/snort/images/icon-table-sort.png) no-repeat 2px 8px; - padding: 4px 4px 4px 14px; -} - -.allRow { - background-color: #eee; - padding: 4px; -} - -tr.altRow { - background-color: #fff; -} - -.leftAlign { - text-align: left; -} - -.centerAlign { - text-align: center; -} - -.rightAlign { - text-align: right; -} - -.sortedASC { - background: url(/snort/images/icon-table-sort-asc.png) no-repeat 2px 4px #eee; -} - -.sortedDESC { - background: url(/snort/images/icon-table-sort-desc.png) no-repeat 2px 10px #eee; -} - -.tableHeaderOver { - cursor: pointer; - color: #354158; -} - - -tr.selected { - background-color: 9999ff; - color: #000000; -} - -tr.over { - background-color: #993333; - color: #fff; - cursor: pointer; -} - -tr.hide { - display: none; -} -/***************************/ - -.mainTableFilter { - position: absolute; - top: 0; - left: -10px; - width: auto; -} - -.tableFilter { - border: 1px solid #ccc; - padding: 2px; - margin: 5px 0 10px 0; -} - -.tableFilter input { - border: 1px solid #ccc; -} - -.tableFilter select { - border: 1px solid #ccc; -} - +.alert {
+ position:absolute;
+ top:10px;
+ left:0px;
+ width:94%;
+background:#FCE9C0;
+background-position: 15px;
+border-top:2px solid #DBAC48;
+border-bottom:2px solid #DBAC48;
+padding: 15px 10px 85% 50px;
+}
+
+.formpre {
+font-family:arial;
+font-size: 1.1em;
+}
+
+#download_rules {
+font-family: arial;
+font-size: 13px;
+font-weight: bold;
+text-align: center
+}
+
+#download_rules_td {
+font-family: arial;
+font-size: 13px;
+font-weight: bold;
+text-align: center
+}
+
+/* hack fix the hard coded fbegin link */
+#header-left2 {
+position: absolute;
+background-position: center center;
+height: 67px;
+width: 147px;
+top: -77px;
+left: 8px;
+float: left;
+z-index:999;
+}
+#header-left2 #status-link2 {
+ position: relative;
+ top: 3px;
+ left: 2px;
+}
+/* end of fbegin hack */
+
+.body2 {
+font-family:arial;
+font-size:12px;
+}
+
+
+
+
+/* Start of main css Pfsense */
+/* Start of main css Pfsense */
+
+@charset "utf-8";
+.textstyle {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 12px;
+ font-style: normal;
+ background-color: #666;
+ color: #CCC;
+}
+.textstyle p2 a {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 12px;
+ font-style: normal;
+ color: #CCC;
+}
+
+.textstyle p {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 24px;
+ font-weight: bold;
+ color: #FFF;
+ text-decoration: underline;
+}
+.textstyle p2 {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 12px;
+ color: #CCC;
+}
+
+/* Start of main css for table sort */
+/* Start of main css for table sort */
+
+table {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 9;
+ font-family: Arial, Helvetica, sans-serif;
+ vertical-align: baseline;
+}
+
+/* Tables still need 'cellspacing="0"' in the markup. */
+table { border-collapse: separate; border-spacing: 0; }
+caption, th, td { text-align: left; font-weight:400; }
+
+/* Remove possible quote marks (") from <q>, <blockquote>. */
+blockquote:before, blockquote:after, q:before, q:after { content: ""; }
+blockquote, q { quotes: "" ""; }
+
+#container {
+ width: auto;
+ margin: 0px;
+ padding-top: 10px;
+ padding-bottom: 10px;
+}
+
+
+
+/**************************************************************
+
+ Sortable Table
+ v 1.4
+
+**************************************************************/
+
+
+
+th {
+ background-color: #eee;
+ background: #eee url(/snort/images/icon-table-sort.png) no-repeat 2px 8px;
+ padding: 4px 4px 4px 14px;
+}
+
+.allRow {
+ background-color: #eee;
+ padding: 4px;
+}
+
+tr.altRow {
+ background-color: #fff;
+}
+
+.leftAlign {
+ text-align: left;
+}
+
+.centerAlign {
+ text-align: center;
+}
+
+.rightAlign {
+ text-align: right;
+}
+
+.sortedASC {
+ background: url(/snort/images/icon-table-sort-asc.png) no-repeat 2px 4px #eee;
+}
+
+.sortedDESC {
+ background: url(/snort/images/icon-table-sort-desc.png) no-repeat 2px 10px #eee;
+}
+
+.tableHeaderOver {
+ cursor: pointer;
+ color: #354158;
+}
+
+
+tr.selected {
+ background-color: 9999ff;
+ color: #000000;
+}
+
+tr.over {
+ background-color: #993333;
+ color: #fff;
+ cursor: pointer;
+}
+
+tr.hide {
+ display: none;
+}
+/***************************/
+
+.mainTableFilter {
+ position: absolute;
+ top: 0;
+ left: -10px;
+ width: auto;
+}
+
+.tableFilter {
+ border: 1px solid #ccc;
+ padding: 2px;
+ margin: 5px 0 10px 0;
+}
+
+.tableFilter input {
+ border: 1px solid #ccc;
+}
+
+.tableFilter select {
+ border: 1px solid #ccc;
+}
+
diff --git a/config/snort-dev/help_and_info.php b/config/snort-dev/help_and_info.php index af8eb4ae..95693ef4 100644 --- a/config/snort-dev/help_and_info.php +++ b/config/snort-dev/help_and_info.php @@ -1,247 +1,247 @@ -<?php - -require_once("guiconfig.inc"); - -echo ' - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" -"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> -<title>The Snort Package Help Page</title> -<style type="text/css"> -body { - background: #f0f0f0; - margin: 0; - padding: 0; - font: 10px normal Verdana, Arial, Helvetica, sans-serif; - color: #444; -} -h1 {font-size: 3em; margin: 20px 0;} -.container {width: 800px; margin: 10px auto;} -ul.tabs { - margin: 0; - padding: 0; - float: left; - list-style: none; - height: 25px; - border-bottom: 1px solid #999; - border-left: 1px solid #999; - width: 100%; -} -ul.tabs li { - float: left; - margin: 0; - padding: 0; - height: 24px; - line-height: 24px; - border: 1px solid #000000; - border-left: none; - margin-bottom: -1px; - background: #ffffff; - overflow: hidden; - position: relative; -} -ul.tabs li a { - text-decoration: none; - color: #000000; - display: block; - font-size: 1.2em; - padding: 0 20px; - border: 1px solid #fff; - outline: none; -} -ul.tabs li a:hover { - background: #eeeeee; -} - -html ul.tabs li.active, html ul.tabs li.active a:hover { - background: #fff; - border-bottom: 1px solid #fff; - color: #000000; -} -.tab_container { - border: 1px solid #999; - border-top: none; - clear: both; - float: left; - width: 100%; - background: #fff; - -moz-border-radius-bottomright: 5px; - -khtml-border-radius-bottomright: 5px; - -webkit-border-bottom-right-radius: 5px; - -moz-border-radius-bottomleft: 5px; - -khtml-border-radius-bottomleft: 5px; - -webkit-border-bottom-left-radius: 5px; -} -.tab_content { - padding: 20px; - font-size: 1.2em; -} -.tab_content h2 { - font-weight: normal; - padding-bottom: 10px; - border-bottom: 1px dashed #ddd; - font-size: 1.8em; -} -.tab_content h3 a{ - color: #254588; -} -.tab_content img { - float: left; - margin: 0 20px 20px 0; - border: 1px solid #ddd; - padding: 5px; -} -</style> - -<script type="text/javascript" src="./javascript/jquery-1.4.2.min.js"></script> - -<script type="text/javascript"> - -jQuery(document).ready(function() { - - //Default Action - jQuery(".tab_content").hide(); //Hide all content - jQuery("ul.tabs li:first").addClass("active").show(); //Activate first tab - jQuery(".tab_content:first").show(); //Show first tab content - - //On Click Event - jQuery("ul.tabs li").click(function() { - jQuery("ul.tabs li").removeClass("active"); //Remove any "active" class - jQuery(this).addClass("active"); //Add "active" class to selected tab - jQuery(".tab_content").hide(); //Hide all tab content - var activeTab = jQuery(this).find("a").attr("href"); //Find the rel attribute value to identify the active tab + content - jQuery(activeTab).fadeIn(); //Fade in the active content - return false; - }); - -}); - -</script> - -</head> - -<body> - -<div class="container"> - <ul class="tabs"> - <li><a href="#tab1">Home</a></li> - <li><a href="#tab2">Change Log</a></li> - <li><a href="#tab3">Getting Help</a></li> - <li><a href="#tab4">Heros</a></li> - </ul> - <div class="tab_container"> - <div id="tab1" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - <p> - <font size="5"><strong>Snort Package</strong></font> is a GUI based front-end for Sourcefire\'s Snort ® IDS/IPS software. The Snort Package goal is to be - the best open-source GUI to manage multiple snort sensors and multiple rule snapshots. The project other goal is to be a highly competitive GUI for - network monitoring for both private and enterprise use. Lastly, this project software development should bring programmers and users together to create - software. - </p> - <p> - <font size="5"><strong>What is Snort ?</strong></font> Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and - can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port - scans, CGI attacks, SMB probes, and much more. - </p> - <p> - <font size="5"><strong>Requirements :</strong></font><br> - Minimum requirement 256 mb ram, 500 MHz CPU.<br> - Recommended 500 mb ram, 1 Ghz CPU.<br> - The more rules you run the more memory you need.<br> - The more interfaces you select the more memory you need.<br><br> - Development is done on a Alix 2D3 system (500 MHz AMD Geode LX800 CPU 256MB DDR DRAM). - </p> - - </div> - - <div id="tab2" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - <p><font size="5"><strong>Change Log</strong></font><p> - - <p>Changes to this package can be viewed by following <a href="https://github.com/bsdperimeter/pfsense-packages" target="_blank"><font size="2" color="#990000"><strong>packages repository</strong></font></a></p> - </div> - - <div id="tab3" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - <p><font size="5"><strong>Getting Help</strong></font></p> - -<p> -<font size="2"><strong>Obtaining Support</strong></font><br> - -We provide several means of obtaining support for pfSense. -</p> - -<p> -<font color="#990000" size="4"><strong>Free Options</strong></font><br> -Our free options include our <a href="http://forum.pfsense.org/" target="_blank"><font color="#990000"><strong>forum</strong></font></a>, <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=66&Itemid=71" target="_blank"><font color="#990000"><strong>mailing list</strong></font></a> , and <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=64&Itemid=72" target="_blank"><font color="#990000"><strong>IRC channel</strong></font></a>. Before using any of these resources, please review the Project Rules below. -</p> - -<p> -<font color="#990000" size="4"><strong>Commercial Support</strong></font><br> - -<a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>Commercial support</strong></font></a> is available from the company founded by the founders of the pfSense project, <a href="http://www.bsdperimeter.com/" target="_blank"><font color="#990000"><strong>BSD Perimeter</strong></font></a>. Phone and email support is available for <a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>support subscribers</strong></font></a> only. -</p> - -<p> -<font color="#990000" size="4"><strong>Project Rules</strong></font><br> -To keep things orderly, and be fair to everyone, we must enforce these rules. -</p> - -<p> -Please do not post support questions to the blog comments. The comments are for discussion of the post, and letting people ask questions there would make a mess of the purpose of those comments. Any support questions will not be moderator approved. -</p> - -<p> -Please do not cross post questions between the forum and mailing list, unless your inquiry has gone unanswered for at least 24 hours. Do not bump your mailing list or forum posts for at least 24 hours. If you have not received a reply after more than 24 hours, you are welcome to bump your thread. -</p> - -<p> -Please do not email individuals, the coreteam address, or private message people on the forum to ask questions. We provide a wide variety of means for obtaining help in a public forum, where it helps others who have the same questions in the future. We don\'t have enough time to answer all the questions our users post in the public forums, much less via email and private messages. Since we cannot possibly reply to everyone\'s email and private messages, to be fair we will not reply to anyone. Individual attention via phone and email support is available for commercial support customers. -</p> - </div> - - <div id="tab4" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - <p><font size="5"><strong>Heros</strong></font></p> - - <p>Pfsense Snort Package users who have cared enough to donate to this project. I can\'t thank you enough for all your help. With-out your support I would have stoped long time ago.</p> - - <p>If your not on this list PM me and I will add you. If you would like to be removed pm me and I will remove you.</p> - - <p><font size="5"><strong>Names</strong></font></p> - - <p>sandro tavella</p> - <p>João Kemp Filho</p> - <p>Julio Fumoso</p> - <p>Rolland Hart</p> - <p>DiMarco Technology Solutions Inc.</p> - <p>Brett Burley</p> - <p>Tomasz Iskra</p> - <p>Bruno Buchschacher</p> - <p>Marco Pannetto</p> - <p>Christopher Weakland</p> - <p>Antonio Riveros</p> - <p>DigitalJer</p> - <p>Serialdie</p> - <p>Dlawley</p> - <p>Onhel</p> - <p>Jerrygoldsmith</p> - - - </div> - </div> -</div> - -</body> -</html> - -'; - -?> +<?php
+
+require_once("guiconfig.inc");
+
+echo '
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+<title>The Snort Package Help Page</title>
+<style type="text/css">
+body {
+ background: #f0f0f0;
+ margin: 0;
+ padding: 0;
+ font: 10px normal Verdana, Arial, Helvetica, sans-serif;
+ color: #444;
+}
+h1 {font-size: 3em; margin: 20px 0;}
+.container {width: 800px; margin: 10px auto;}
+ul.tabs {
+ margin: 0;
+ padding: 0;
+ float: left;
+ list-style: none;
+ height: 25px;
+ border-bottom: 1px solid #999;
+ border-left: 1px solid #999;
+ width: 100%;
+}
+ul.tabs li {
+ float: left;
+ margin: 0;
+ padding: 0;
+ height: 24px;
+ line-height: 24px;
+ border: 1px solid #000000;
+ border-left: none;
+ margin-bottom: -1px;
+ background: #ffffff;
+ overflow: hidden;
+ position: relative;
+}
+ul.tabs li a {
+ text-decoration: none;
+ color: #000000;
+ display: block;
+ font-size: 1.2em;
+ padding: 0 20px;
+ border: 1px solid #fff;
+ outline: none;
+}
+ul.tabs li a:hover {
+ background: #eeeeee;
+}
+
+html ul.tabs li.active, html ul.tabs li.active a:hover {
+ background: #fff;
+ border-bottom: 1px solid #fff;
+ color: #000000;
+}
+.tab_container {
+ border: 1px solid #999;
+ border-top: none;
+ clear: both;
+ float: left;
+ width: 100%;
+ background: #fff;
+ -moz-border-radius-bottomright: 5px;
+ -khtml-border-radius-bottomright: 5px;
+ -webkit-border-bottom-right-radius: 5px;
+ -moz-border-radius-bottomleft: 5px;
+ -khtml-border-radius-bottomleft: 5px;
+ -webkit-border-bottom-left-radius: 5px;
+}
+.tab_content {
+ padding: 20px;
+ font-size: 1.2em;
+}
+.tab_content h2 {
+ font-weight: normal;
+ padding-bottom: 10px;
+ border-bottom: 1px dashed #ddd;
+ font-size: 1.8em;
+}
+.tab_content h3 a{
+ color: #254588;
+}
+.tab_content img {
+ float: left;
+ margin: 0 20px 20px 0;
+ border: 1px solid #ddd;
+ padding: 5px;
+}
+</style>
+
+<script type="text/javascript" src="./javascript/jquery-1.4.2.min.js"></script>
+
+<script type="text/javascript">
+
+jQuery(document).ready(function() {
+
+ //Default Action
+ jQuery(".tab_content").hide(); //Hide all content
+ jQuery("ul.tabs li:first").addClass("active").show(); //Activate first tab
+ jQuery(".tab_content:first").show(); //Show first tab content
+
+ //On Click Event
+ jQuery("ul.tabs li").click(function() {
+ jQuery("ul.tabs li").removeClass("active"); //Remove any "active" class
+ jQuery(this).addClass("active"); //Add "active" class to selected tab
+ jQuery(".tab_content").hide(); //Hide all tab content
+ var activeTab = jQuery(this).find("a").attr("href"); //Find the rel attribute value to identify the active tab + content
+ jQuery(activeTab).fadeIn(); //Fade in the active content
+ return false;
+ });
+
+});
+
+</script>
+
+</head>
+
+<body>
+
+<div class="container">
+ <ul class="tabs">
+ <li><a href="#tab1">Home</a></li>
+ <li><a href="#tab2">Change Log</a></li>
+ <li><a href="#tab3">Getting Help</a></li>
+ <li><a href="#tab4">Heros</a></li>
+ </ul>
+ <div class="tab_container">
+ <div id="tab1" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+ <p>
+ <font size="5"><strong>Snort Package</strong></font> is a GUI based front-end for Sourcefire\'s Snort ® IDS/IPS software. The Snort Package goal is to be
+ the best open-source GUI to manage multiple snort sensors and multiple rule snapshots. The project other goal is to be a highly competitive GUI for
+ network monitoring for both private and enterprise use. Lastly, this project software development should bring programmers and users together to create
+ software.
+ </p>
+ <p>
+ <font size="5"><strong>What is Snort ?</strong></font> Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and
+ can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port
+ scans, CGI attacks, SMB probes, and much more.
+ </p>
+ <p>
+ <font size="5"><strong>Requirements :</strong></font><br>
+ Minimum requirement 256 mb ram, 500 MHz CPU.<br>
+ Recommended 500 mb ram, 1 Ghz CPU.<br>
+ The more rules you run the more memory you need.<br>
+ The more interfaces you select the more memory you need.<br><br>
+ Development is done on a Alix 2D3 system (500 MHz AMD Geode LX800 CPU 256MB DDR DRAM).
+ </p>
+
+ </div>
+
+ <div id="tab2" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+ <p><font size="5"><strong>Change Log</strong></font><p>
+
+ <p>Changes to this package can be viewed by following <a href="https://github.com/bsdperimeter/pfsense-packages" target="_blank"><font size="2" color="#990000"><strong>packages repository</strong></font></a></p>
+ </div>
+
+ <div id="tab3" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+ <p><font size="5"><strong>Getting Help</strong></font></p>
+
+<p>
+<font size="2"><strong>Obtaining Support</strong></font><br>
+
+We provide several means of obtaining support for pfSense.
+</p>
+
+<p>
+<font color="#990000" size="4"><strong>Free Options</strong></font><br>
+Our free options include our <a href="http://forum.pfsense.org/" target="_blank"><font color="#990000"><strong>forum</strong></font></a>, <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=66&Itemid=71" target="_blank"><font color="#990000"><strong>mailing list</strong></font></a> , and <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=64&Itemid=72" target="_blank"><font color="#990000"><strong>IRC channel</strong></font></a>. Before using any of these resources, please review the Project Rules below.
+</p>
+
+<p>
+<font color="#990000" size="4"><strong>Commercial Support</strong></font><br>
+
+<a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>Commercial support</strong></font></a> is available from the company founded by the founders of the pfSense project, <a href="http://www.bsdperimeter.com/" target="_blank"><font color="#990000"><strong>BSD Perimeter</strong></font></a>. Phone and email support is available for <a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>support subscribers</strong></font></a> only.
+</p>
+
+<p>
+<font color="#990000" size="4"><strong>Project Rules</strong></font><br>
+To keep things orderly, and be fair to everyone, we must enforce these rules.
+</p>
+
+<p>
+Please do not post support questions to the blog comments. The comments are for discussion of the post, and letting people ask questions there would make a mess of the purpose of those comments. Any support questions will not be moderator approved.
+</p>
+
+<p>
+Please do not cross post questions between the forum and mailing list, unless your inquiry has gone unanswered for at least 24 hours. Do not bump your mailing list or forum posts for at least 24 hours. If you have not received a reply after more than 24 hours, you are welcome to bump your thread.
+</p>
+
+<p>
+Please do not email individuals, the coreteam address, or private message people on the forum to ask questions. We provide a wide variety of means for obtaining help in a public forum, where it helps others who have the same questions in the future. We don\'t have enough time to answer all the questions our users post in the public forums, much less via email and private messages. Since we cannot possibly reply to everyone\'s email and private messages, to be fair we will not reply to anyone. Individual attention via phone and email support is available for commercial support customers.
+</p>
+ </div>
+
+ <div id="tab4" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+ <p><font size="5"><strong>Heros</strong></font></p>
+
+ <p>Pfsense Snort Package users who have cared enough to donate to this project. I can\'t thank you enough for all your help. With-out your support I would have stoped long time ago.</p>
+
+ <p>If your not on this list PM me and I will add you. If you would like to be removed pm me and I will remove you.</p>
+
+ <p><font size="5"><strong>Names</strong></font></p>
+
+ <p>sandro tavella</p>
+ <p>João Kemp Filho</p>
+ <p>Julio Fumoso</p>
+ <p>Rolland Hart</p>
+ <p>DiMarco Technology Solutions Inc.</p>
+ <p>Brett Burley</p>
+ <p>Tomasz Iskra</p>
+ <p>Bruno Buchschacher</p>
+ <p>Marco Pannetto</p>
+ <p>Christopher Weakland</p>
+ <p>Antonio Riveros</p>
+ <p>DigitalJer</p>
+ <p>Serialdie</p>
+ <p>Dlawley</p>
+ <p>Onhel</p>
+ <p>Jerrygoldsmith</p>
+
+
+ </div>
+ </div>
+</div>
+
+</body>
+</html>
+
+';
+
+?>
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index 49439149..afb46018 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -1,2510 +1,2524 @@ -<?php
-/*
- snort.inc
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009-2010 Robert Zelaya
- Copyright (C) 2011 Ermal Luci
- part of pfSense
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("pfsense-utils.inc");
-require_once("config.inc");
-require_once("functions.inc");
-
-// Needed on 2.0 because of filter_get_vpns_list()
-require_once("filter.inc");
-
-/* package version */
-$snort_package_version = 'Snort 2.9.2.3 pkg v. 2.2';
-$snort_rules_file = "snortrules-snapshot-2922.tar.gz";
-
-/* Allow additional execution time 0 = no limit. */
-ini_set('max_execution_time', '9999');
-ini_set('max_input_time', '9999');
-
-/* define oinkid */
-if ($config['installedpackages']['snortglobal'])
- $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-else
- $config['installedpackages']['snortglobal'] = array();
-
-/* find out if were in 1.2.3-RELEASE */
-if (intval($config['version']) > 6)
- $snort_pfsense_basever = 'no';
-else
- $snort_pfsense_basever = 'yes';
-
-/* find out what arch where in x86 , x64 */
-global $snort_arch;
-$snort_arch = 'x86';
-$snort_arch_ck = php_uname("m");
-if ($snort_arch_ck == 'i386')
- $snort_arch = 'x86';
-else if ($snort_arch_ck == "amd64")
- $snort_arch = 'x64';
-else
- $snort_arch = "Unknown";
-
-/* tell me my theme */
-$pfsense_theme_is = $config['theme'];
-
-/* func builds custom white lists */
-function find_whitelist_key($find_wlist_number) {
- global $config, $g;
-
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']))
- $config['installedpackages']['snortglobal']['whitelist'] = array();
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- return 0; /* XXX */
-
- foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $w_key => $value) {
- if ($value['name'] == $find_wlist_number)
- return $w_key;
- }
-}
-
-/* func builds custom suppress lists */
-function find_suppress_key($find_slist_number) {
- global $config, $g;
-
- if (!is_array($config['installedpackages']['snortglobal']['suppress']))
- $config['installedpackages']['snortglobal']['suppress'] = array();
- if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
- return 0; /* XXX */
-
- foreach ($config['installedpackages']['snortglobal']['suppress']['item'] as $s_key => $value) {
- if ($value['name'] == $find_slist_number)
- return $s_key;
- }
-}
-
-/* func builds custom whitelests */
-function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) {
- global $config, $g, $snort_pfsense_basever;
-
- /* build an interface array list */
- if (function_exists('get_configured_interface_list'))
- $int_array = get_configured_interface_list();
- else {
- $int_array = array('lan');
- for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
- if(isset($config['interfaces']['opt' . $j]['enable']))
- if(isset($config['interfaces']['opt' . $j]['gateway']))
- $int_array[] = "opt{$j}";
- }
-
- $home_net = "";
-
- /* iterate through interface list and write out whitelist items
- * and also compile a home_net list for snort.
- */
- foreach ($int_array as $int) {
- /* calculate interface subnet information */
- if (function_exists('get_interface_ip')) {
- $subnet = get_interface_ip($int);
- if (is_ipaddr($subnet)) {
- $sn = get_interface_subnet($int);
- $home_net .= "{$subnet}/{$sn} ";
- }
- } else {
- $ifcfg = $config['interfaces'][$int];
- switch ($ifcfg['ipaddr']) {
- case "pppoe":
- case "pptp":
- case "l2tp":
- if (function_exists('get_interface_ip'))
- $subnet = get_interface_ip($int);
- else
- $subnet = find_interface_ip("ng0");
-
- if (is_ipaddr($subnet))
- $home_net .= "{$subnet} ";
- break;
- case "dhcp":
- $subnet = find_interface_ip(snort_get_real_interface($int));
- if (is_ipaddr($subnet))
- $home_net .= "{$subnet} ";
- break;
- default:
- if (is_ipaddr($ifcfg['ipaddr'])) {
- $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
- if ($ifcfg['subnet'])
- $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
- }
- break;
- }
- }
- }
-
- if ($snort_pfsense_basever == 'yes' && $wanip == 'yes') {
- /* add all WAN ips to the whitelist */
- $wan_if = get_real_wan_interface();
- $ip = find_interface_ip($wan_if);
- if (is_ipaddr($ip))
- $home_net .= "{$ip} ";
- }
-
- if ($wangw == 'yes') {
- /* Add Gateway on WAN interface to whitelist (For RRD graphs) */
- $gw = get_interface_gateway('wan');
- if($gw)
- $home_net .= "{$gw} ";
- }
-
- if($wandns == 'yes') {
- /* Add DNS server for WAN interface to whitelist */
- $dns_servers = get_dns_servers();
- foreach ($dns_servers as $dns) {
- if($dns)
- $home_net .= "{$dns} ";
- }
- }
-
- if($vips == 'yes') {
- /* iterate all vips and add to whitelist */
- if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
- foreach($config['virtualip']['vip'] as $vip)
- if($vip['subnet'])
- $home_net .= "{$vip['subnet']} ";
- }
- }
-
- /* Add loopback to whitelist (ftphelper) */
- $home_net .= "127.0.0.1 ";
-
- /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */
- if ($vpns == 'yes') {
- if ($snort_pfsense_basever == 'yes') // chk what pfsense version were on
- $vpns_list = get_vpns_list();
- else if ($snort_pfsense_basever == 'no') // chk what pfsense version were on
- $vpns_list = filter_get_vpns_list();
-
- if (!empty($vpns_list))
- $home_net .= "{$vpns_list} ";
- }
-
- /* never ever compair numbers to words */
- if ($userwips > -1) {
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-
- $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address'];
- }
-
- $home_net = trim($home_net);
-
- /* this foe whitelistfile, convert spaces to carriage returns */
- if ($build_netlist == 'whitelist') {
- $whitelist_home_net = str_replace(" ", "\n", $home_net);
- $whitelist_home_net = str_replace(" ", "\n", $home_net);
- return $whitelist_home_net;
- }
-
- /* this is for snort.conf */
- $validator = explode(" ", $home_net);
- $valresult = array();
- foreach ($validator as $vald) {
- if (empty($vald))
- continue;
- $valresult[] = $vald;
- }
- $home_net = implode(",", $valresult);
- $home_net = "[{$home_net}]";
-
- return $home_net;
-}
-
-
-/* checks to see if snort is running yes/no and stop/start */
-function Running_Ck($snort_uuid, $if_real, $id) {
- global $config;
-
- $snort_uph = 'no';
- $snort_up_prell = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'");
- if ($snort_up_prell != '')
- $snort_uph = 'yes';
-
- return $snort_uph;
-}
-
-/* checks to see if barnyard2 is running yes/no */
-function Running_Ck_b($snort_uuid, $if_real, $id) {
- global $config;
-
- $snort_up_b = 'no';
- $snort_up_pre_b = exec("/bin/ps -ax | /usr/bin/grep barnyard2 | /usr/bin/grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'");
- if ($snort_up_pre_b != '')
- $snort_up_b = 'yes';
-
- return $snort_up_b;
-}
-
-function Running_Stop($snort_uuid, $if_real, $id) {
- global $config, $g;
-
- /* if snort.sh crashed this will remove the pid */
- @unlink("{$g['tmp_path']}/snort.sh.pid");
-
- $start_up = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
- $start_upb = exec("/bin/ps -ax | /usr/bin/grep \"snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
-
-
- if ($start_up != '') {
- exec("/bin/kill {$start_up}");
- exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
- exec("/bin/rm /var/log/snort/snort_{$if_real}{$snort_uuid}/snort_{$snort_uuid}_{$if_real}*");
- @unlink("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert_{$snort_uuid}");
- }
-
- if ($start_upb != '') {
- exec("/bin/kill {$start_upb}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- exec("/bin/rm /var/log/snort/snort_{$if_real}{$snort_uuid}/snort.u2_{$snort_uuid}_{$if_real}*");
- }
-
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
- sleep(2); // Give time so GUI displays correctly
-}
-
-function Running_Start($snort_uuid, $if_real, $id) {
- global $config;
-
- /* if snort.sh crashed this will remove the pid */
- @unlink("{$g['tmp_path']}/snort.sh.pid");
-
- $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
- if ($snort_info_chk == 'on')
- exec("/usr/local/bin/snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
- else
- return;
-
- /* define snortbarnyardlog_chk */
- /* top will have trouble if the uuid is to far back */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
- if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') {
- exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$snort_uuid}_{$if_real}/ -D -q");
- }
-
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'");
- sleep(2); // Give time so GUI displays correctly
-}
-
-function snort_get_friendly_interface($interface) {
-
- if (function_exists('convert_friendly_interface_to_friendly_descr'))
- $iface = convert_friendly_interface_to_friendly_descr($interface);
- else {
- if (!$interface || ($interface == "wan"))
- $iface = "WAN";
- else if(strtolower($interface) == "lan")
- $iface = "LAN";
- else if(strtolower($interface) == "pppoe")
- $iface = "PPPoE";
- else if(strtolower($interface) == "pptp")
- $iface = "PPTP";
- else
- $iface = strtoupper($interface);
- }
-
- return $iface;
-}
-
-/* get the real iface name of wan */
-function snort_get_real_interface($interface) {
- global $config;
-
- $lc_interface = strtolower($interface);
- if (function_exists('get_real_interface'))
- return get_real_interface($lc_interface);
- else {
- if ($lc_interface == "lan") {
- if ($config['inerfaces']['lan'])
- return $config['interfaces']['lan']['if'];
- return $interface;
- }
- if ($lc_interface == "wan")
- return $config['interfaces']['wan']['if'];
- $ifdescrs = array();
- for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
- $ifname = "opt{$j}";
- if(strtolower($ifname) == $lc_interface)
- return $config['interfaces'][$ifname]['if'];
- if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface))
- return $config['interfaces'][$ifname]['if'];
- }
- }
-
- return $interface;
-}
-
-/*
- this code block is for deleteing logs while keeping the newest file,
- snort is linked to these files while running, do not take the easy way out
- by touch and rm, snort will lose sync and not log.
-
- this code needs to be watched.
- */
-
-/* list dir files */
-function snort_file_list($snort_log_dir, $snort_log_file)
-{
- $dir = opendir ("$snort_log_dir");
- while (false !== ($file = readdir($dir))) {
- if (strpos($file, "$snort_log_file",1) )
- $file_list[] = basename($file);
- }
- return $file_list;
-}
-
-/* snort dir files */
-function snort_file_sort($snort_file1, $snort_file2)
-{
- if ($snort_file1 == $snort_file2)
- return 0;
-
- return ($snort_file1 < $snort_file2); // ? -1 : 1; // this flips the array
-}
-
-/* build files newest first array */
-function snort_build_order($snort_list)
-{
- foreach ($snort_list as $value_list)
- $list_order[] = $value_list;
-
- return $list_order;
-}
-
-/* keep the newest remove the rest */
-function snort_remove_files($snort_list_rm, $snort_file_safe)
-{
- foreach ($snort_list_rm as $value_list) {
- if ($value_list != $snort_file_safe)
- @unlink("/var/log/snort/$value_list");
- else
- file_put_contents("/var/log/snort/$snort_file_safe", "");
- }
-}
-
-/*
- * TODO:
- * This is called by snort_alerts.php.
- *
- * This func needs to be made to only clear one interface rule log
- * at a time.
- *
- */
-function post_delete_logs()
-{
- global $config, $g;
-
- /* do not start config build if rules is empty */
- if (!is_array($config['installedpackages']['snortglobal']['rule']))
- return;
-
- $snort_log_dir = '/var/log/snort';
-
- foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
- $snort_uuid = $value['uuid'];
-
- if ($if_real != '' && $snort_uuid != '') {
- if ($value['snortunifiedlog'] == 'on') {
- $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2.";
- $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2);
- if (is_array($snort_list_u2)) {
- usort($snort_list_u2, "snort_file_sort");
- $snort_u2_rm_list = snort_build_order($snort_list_u2);
- snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]);
- }
- } else
- exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*");
-
- if ($value['tcpdumplog'] == 'on') {
- $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump.";
- $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd);
- if (is_array($snort_list_tcpd)) {
- usort($snort_list_tcpd, "snort_file_sort");
- $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd);
- snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]);
- }
- } else
- exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*");
-
- /* create barnyard2 configuration file */
- //if ($value['barnyard_enable'] == 'on')
- //create_barnyard2_conf($id, $if_real, $snort_uuid);
-
- if ($value['perform_stat'] == 'on')
- @file_put_contents("/var/log/snort/snort_{$snort_uuid}_{$if_real}.stats", "");
- }
- }
-}
-
-function snort_postinstall()
-{
- global $config, $g, $snort_pfsense_basever, $snort_arch;
-
- /* snort -> advanced features */
- if (is_array($config['installedpackages']['snortglobal'])) {
- $bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize'];
- $bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize'];
- $bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns'];
- }
-
- /* cleanup default files */
- @rename('/usr/local/etc/snort/snort.conf-sample', '/usr/local/etc/snort/snort.conf');
- @rename('/usr/local/etc/snort/threshold.conf-sample', '/usr/local/etc/snort/threshold.conf');
- @rename('/usr/local/etc/snort/sid-msg.map-sample', '/usr/local/etc/snort/sid-msg.map');
- @rename('/usr/local/etc/snort/unicode.map-sample', '/usr/local/etc/snort/unicode.map');
- @rename('/usr/local/etc/snort/classification.config-sample', '/usr/local/etc/snort/classification.config');
- @rename('/usr/local/etc/snort/generators-sample', '/usr/local/etc/snort/generators');
- @rename('/usr/local/etc/snort/reference.config-sample', '/usr/local/etc/snort/reference.config');
- @rename('/usr/local/etc/snort/gen-msg.map-sample', '/usr/local/etc/snort/gen-msg.map');
- @unlink('/usr/local/etc/snort/sid');
- @unlink('/usr/local/etc/rc.d/snort');
- @unlink('/usr/local/etc/rc.d/bardyard2');
-
- /* remove example files */
- if (file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0'))
- exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*');
-
- if (file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so'))
- exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
-
- /* create a few directories and ensure the sample files are in place */
- if (!is_dir('/usr/local/etc/snort'))
- exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules');
- if (!is_dir('/usr/local/etc/snort/whitelist'))
- exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
- /* NOTE: the diff between the if check and the exec() extra run is by design */
- if (!is_dir('/var/log/snort'))
- exec('/bin/mkdir -p /var/log/snort/run');
- else
- exec('/bin/rm -r /var/log/snort/*; /bin/mkdir -p /var/log/snort/run');
-
- if (!is_dir('/var/log/snort/barnyard2'))
- exec('/bin/mkdir -p /var/log/snort/barnyard2');
- if (!is_dir('/usr/local/lib/snort/dynamicrules/'))
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- if (!file_exists('/var/db/whitelist'))
- touch('/var/db/whitelist');
-
- /* XXX: These are needed if you run snort as snort user
- mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true);
- mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true);
- mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true);
- mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true);
- mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true);
- */
- /* important */
- mwexec('/bin/chmod 660 /var/db/whitelist', true);
- mwexec('/bin/chmod -R 660 /usr/local/etc/snort/*', true);
- mwexec('/bin/chmod -R 660 /tmp/snort*', true);
- mwexec('/bin/chmod -R 660 /var/run/snort*', true);
- mwexec('/bin/chmod -R 660 /var/snort/run/*', true);
- mwexec('/bin/chmod 770 /usr/local/lib/snort', true);
- mwexec('/bin/chmod 770 /usr/local/etc/snort', true);
- mwexec('/bin/chmod 770 /usr/local/etc/whitelist', true);
- mwexec('/bin/chmod 770 /var/log/snort', true);
- mwexec('/bin/chmod 770 /var/log/snort/run', true);
- mwexec('/bin/chmod 770 /var/log/snort/barnyard2', true);
-
- /* move files around, make it look clean */
- mwexec('/bin/mkdir -p /usr/local/www/snort/css');
- mwexec('/bin/mkdir -p /usr/local/www/snort/images');
-
- chdir ("/usr/local/www/snort/css/");
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style.css');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/sexybuttons.css');
- chdir("/usr/local/www/snort/images/");
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/alert.jpg');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down2.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-asc.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-desc.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up2.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo.jpg');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon_excli.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/arrow_down.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/awesome-overlay-sprite.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo22.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/page_white_text.png');
-
- /* remake saved settings */
- if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
- update_status(gettext("Saved settings detected..."));
- update_output_window(gettext("Please wait... rebuilding files..."));
- sync_snort_package_config();
- update_output_window(gettext("Finnished Rebuilding files..."));
- }
-}
-
-function snort_Getdirsize($node) {
- if(!is_readable($node))
- return false;
-
- $blah = exec( "/usr/bin/du -kd $node" );
- return substr( $blah, 0, strpos($blah, 9) );
-}
-
-/* func for log dir size limit cron */
-function snort_snortloglimit_install_cron($should_install) {
- global $config, $g;
-
- if (!is_array($config['cron']['item']))
- $config['cron']['item'] = array();
-
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], '/usr/local/pkg/snort/snort_check_cron_misc.inc')) {
- $is_installed = true;
- break;
- }
- $x++;
- }
-
- switch($should_install) {
- case true:
- if(!$is_installed) {
-
- $cron_item = array();
- $cron_item['minute'] = "*/5";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc";
- $config['cron']['item'][] = $cron_item;
- }
- break;
- case false:
- if($is_installed == true)
- unset($config['cron']['item'][$x]);
- break;
- }
-}
-
-/* func for updating cron */
-function snort_rm_blocked_install_cron($should_install) {
- global $config, $g;
-
- if (!is_array($config['cron']['item']))
- $config['cron']['item'] = array();
-
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort2c")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
-
- $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "1h_b") {
- $snort_rm_blocked_min = "*/5";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "3600";
- }
- if ($snort_rm_blocked_info_ck == "3h_b") {
- $snort_rm_blocked_min = "*/15";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "10800";
- }
- if ($snort_rm_blocked_info_ck == "6h_b") {
- $snort_rm_blocked_min = "*/30";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "21600";
- }
- if ($snort_rm_blocked_info_ck == "12h_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/1";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "43200";
- }
- if ($snort_rm_blocked_info_ck == "1d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/2";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "86400";
- }
- if ($snort_rm_blocked_info_ck == "4d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/8";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "345600";
- }
- if ($snort_rm_blocked_info_ck == "7d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/14";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "604800";
- }
- if ($snort_rm_blocked_info_ck == "28d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "0";
- $snort_rm_blocked_mday = "*/2";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "2419200";
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rm_blocked_min";
- $cron_item['hour'] = "$snort_rm_blocked_hr";
- $cron_item['mday'] = "$snort_rm_blocked_mday";
- $cron_item['month'] = "$snort_rm_blocked_month";
- $cron_item['wday'] = "$snort_rm_blocked_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
- $config['cron']['item'][] = $cron_item;
- }
- break;
- case false:
- if ($is_installed == true)
- unset($config['cron']['item'][$x]);
- break;
- }
-}
-
-/* func to install snort update */
-function snort_rules_up_install_cron($should_install) {
- global $config, $g;
-
- if(!$config['cron']['item'])
- $config['cron']['item'] = array();
-
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
- if ($snort_rules_up_info_ck == "6h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/6";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "12h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/12";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "1d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/1";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "4d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/4";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "7d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/7";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "28d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/28";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rules_up_min";
- $cron_item['hour'] = "$snort_rules_up_hr";
- $cron_item['mday'] = "$snort_rules_up_mday";
- $cron_item['month'] = "$snort_rules_up_month";
- $cron_item['wday'] = "$snort_rules_up_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log";
- $config['cron']['item'][] = $cron_item;
- }
- break;
- case false:
- if($is_installed == true)
- unset($config['cron']['item'][$x]);
- break;
- }
-}
-
-/* Only run when all ifaces needed to sync. Expects filesystem rw */
-function sync_snort_package_config()
-{
- global $config, $g;
-
- /* RedDevil suggested code */
- /* TODO: more testing needs to be done */
- /* may cause voip to fail */
- //exec("/sbin/sysctl net.bpf.bufsize=8388608");
- //exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
- //exec("/sbin/sysctl net.bpf.maxinsns=512");
- //exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
-
- conf_mount_rw();
-
- /* do not start config build if rules is empty */
- if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
- conf_mount_ro();
- return;
- }
-
- foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
- $if_real = snort_get_real_interface($value['interface']);
- $snort_uuid = $value['uuid'];
-
- if ($if_real != '' && $snort_uuid != '') {
-
- /* only build whitelist when needed */
- if ($value['blockoffenders7'] == 'on')
- create_snort_whitelist($id, $if_real);
-
- /* only build threshold when needed */
- if ($value['suppresslistname'] != 'default')
- create_snort_suppress($id, $if_real);
-
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
-
- /* create barnyard2 configuration file */
- if ($value['barnyard_enable'] == 'on')
- create_barnyard2_conf($id, $if_real, $snort_uuid);
- }
- }
-
- /* create snort bootup file snort.sh only create once */
- create_snort_sh();
-
- /* all new files are for the user snort nologin */
- if (!is_dir("/var/log/snort/snort_{$if_real}{$snort_uuid}"))
- exec("/bin/mkdir -p /var/log/snort/snort_{$if_real}{$snort_uuid}");
-
- if (!is_dir('/var/log/snort/run'))
- exec('/bin/mkdir -p /var/log/snort/run');
-
- if (!is_dir("/var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}"))
- exec("/bin/mkdir -p /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}");
-
- /* XXX: These are needed if snort is run as snort user
- mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true);
- mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true);
- mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true);
- mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true);
- mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true);
- */
-
- /* important */
- mwexec('/bin/chmod 770 /var/db/whitelist', true);
- mwexec('/bin/chmod 770 /var/run/snort*', true);
- mwexec('/bin/chmod 770 /tmp/snort*', true);
- mwexec('/bin/chmod -R 770 /var/log/snort', true);
- mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true);
- mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true);
-
- conf_mount_ro();
-}
-
-/* Start of main config files */
-
-/* create threshold file */
-function create_snort_suppress($id, $if_real) {
- global $config, $g;
-
- /* make sure dir is there */
- if (!is_dir('/usr/local/etc/snort/suppress'))
- exec('/bin/mkdir -p /usr/local/etc/snort/suppress');
-
- if (!is_array($config['installedpackages']['snortglobal']['rule']))
- return;
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') {
- $whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']);
-
- /* file name */
- $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
-
- /* Message */
- $s_data = '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n";
-
- /* user added arguments */
- $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
-
- /* open snort's whitelist for writing */
- @file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data);
- }
-}
-
-function create_snort_whitelist($id, $if_real) {
- global $config, $g;
-
- /* make sure dir is there */
- if (!is_dir('/usr/local/etc/snort/whitelist'))
- exec('/bin/mkdir -p /usr/local/etc/snort/whitelist');
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') {
-
- $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
-
- /* open snort's whitelist for writing */
- @file_put_contents("/usr/local/etc/snort/whitelist/defaultwlist", $w_data);
-
- } else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) {
- $whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']);
-
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- return;
-
- $whitelist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w];
- $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'],
- $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w);
-
- /* open snort's whitelist for writing */
- @file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data);
- }
-}
-
-function create_snort_homenet($id, $if_real) {
- global $config, $g;
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '')
- return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
- else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'])) {
- $whitelist_key_h = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['homelistname']);
-
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- return;
-
- $build_netlist_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['snortlisttype'];
- $wanip_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wanips'];
- $wangw_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wangateips'];
- $wandns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wandnsips'];
- $vips_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vips'];
- $vpns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vpnips'];
-
- return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h);
- }
-}
-
-function create_snort_externalnet($id, $if_real) {
- global $config, $g;
-
- if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'])) {
- $whitelist_key_ex = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['externallistname']);
-
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- return;
-
- $build_netlist_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype'];
- $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips'];
- $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips'];
- $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips'];
- $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips'];
- $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips'];
-
- return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex);
- }
-}
-
-/* open snort.sh for writing" */
-function create_snort_sh()
-{
- global $config, $g;
-
- if (!is_array($config['installedpackages']['snortglobal']['rule']))
- return;
-
- $snortconf =& $config['installedpackages']['snortglobal']['rule'];
-
- $snort_sh_text3 = array();
- $snort_sh_text4 = array();
-
- /* do not start config build if rules is empty */
- if (!empty($snortconf)) {
- foreach ($snortconf as $value) {
- $snort_uuid = $value['uuid'];
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
-
- /* define snortbarnyardlog_chk */
- $snortbarnyardlog_info_chk = $value['barnyard_enable'];
- $snortbarnyardlog_mysql_info_chk = $value['barnyard_mysql'];
-
- if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '')
- $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q";
-
- $snort_sh_text3[] = <<<EOE
-
-###### For Each Iface
-
-#### Fake start only used on bootup and Pfsense IP changes
-#### Only try to restart if snort is running on Iface
-if [ "`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'`" != "" ]; then
- snort_pid=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'`
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
-
- #### Restart Iface
- /bin/kill -HUP \${snort_pid}
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..."
-else
- # Start snort and barnyard2
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
- /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
-
- /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
- $start_barnyard2
-
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD START For {$snort_uuid}_{$if_real}..."
-fi
-
-EOE;
-
- $snort_sh_text4[] = <<<EOF
-
-pid_s=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'`
-sleep 3
-pid_b=`/bin/ps -ax | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'`
-if [ \${pid_s} ] ; then
-
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..."
-
- /bin/kill \${pid_s}
- sleep 3
- /bin/kill \${pid_b}
-
- /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
-fi
-
-EOF;
- }
- }
-
-
- $start_snort_iface_start = implode("\n\n", $snort_sh_text3);
- $start_snort_iface_stop = implode("\n\n", $snort_sh_text4);
-
- $snort_sh_text = <<<EOD
-#!/bin/sh
-########
-# This file was automatically generated
-# by the pfSense service handler.
-# Code added to protect from double starts on pfSense bootup
-######## Begining of Main snort.sh
-
-rc_start() {
-
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
- $start_snort_iface_start
- /bin/rm /tmp/snort.sh.pid
-}
-
-rc_stop() {
-
- $start_snort_iface_stop
- /bin/rm /tmp/snort.sh.pid
- /bin/rm /var/run/snort*
-
-}
-
-case $1 in
- start)
- rc_start
- ;;
- stop)
- rc_stop
- ;;
- restart)
- rc_start
- ;;
-esac
-
-EOD;
-
- /* write out snort.sh */
- $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w");
- if(!$bconf) {
- log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing.");
- return;
- }
- fwrite($bconf, $snort_sh_text);
- fclose($bconf);
- @chmod("/usr/local/etc/rc.d/snort.sh", 0755);
-}
-
-/* if rules exist copy to new interfaces */
-function create_rules_iface($id, $if_real, $snort_uuid)
-{
- global $config, $g;
-
- $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}";
- $folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full';
-
- if ($folder_chk == "empty") {
- if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"))
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
- exec("/bin/cp /usr/local/etc/snort/rules/* {$if_rule_dir}/rules");
- if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules"))
- exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules");
- }
-}
-
-/* open barnyard2.conf for writing */
-function create_barnyard2_conf($id, $if_real, $snort_uuid) {
- global $config, $g;
-
- if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
- exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
-
- if (!file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo")) {
- mwexec("/usr/bin/touch /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}/{$snort_uuid}_{$if_real}.waldo", true);
- /* XXX: This is needed if snort is run as snort user */
- //mwexec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
- mwexec("/bin/chmod 770 /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}/{$snort_uuid}_{$if_real}.waldo", true);
- }
-
- $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid);
-
- /* write out barnyard2_conf */
- $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w");
- if(!$bconf) {
- log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing.");
- return;
- }
- fwrite($bconf, $barnyard2_conf_text);
- fclose($bconf);
-}
-
-/* open barnyard2.conf for writing" */
-function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
- global $config, $g;
-
- /* define snortbarnyardlog */
- /* TODO: add support for the other 5 output plugins */
-
- $snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
- $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname");
- /* user add arguments */
- $snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru']));
-
- $barnyard2_conf_text = <<<EOD
-
-# barnyard2.conf
-# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
-#
-# set the appropriate paths to the file(s) your Snort process is using
-
-config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
-config classification_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
-config gen_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map
-config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map
-
-config hostname: $snortbarnyardlog_hostname_info_chk
-config interface: {$snort_uuid}_{$if_real}
-config decode_data_link
-config waldo_file: /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}/{$snort_uuid}_{$if_real}.waldo
-
-## START user pass through ##
-
- {$snortbarnyardlog_config_pass_thru}
-
-## END user pass through ##
-
-# Step 2: setup the input plugins
-input unified2
-
-config logdir: /var/log/snort/snort_{$if_real}{$snort_uuid}
-
-# database: log to a variety of databases
-# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
-
- $snortbarnyardlog_database_info_chk
-
-EOD;
-
- return $barnyard2_conf_text;
-}
-
-function create_snort_conf($id, $if_real, $snort_uuid)
-{
- global $config, $g;
-
- if (!empty($if_real)&& !empty($snort_uuid)) {
- if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) {
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
- @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
- }
-
- $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid);
- if (empty($snort_conf_text))
- return;
-
- /* write out snort.conf */
- $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
- if(!$conf) {
- log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing.");
- return -1;
- }
- fwrite($conf, $snort_conf_text);
- fclose($conf);
- }
-}
-
-function snort_deinstall() {
- global $config, $g;
-
- /* remove custom sysctl */
- remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
-
- /* decrease bpf buffers back to 4096, from 20480 */
- exec('/sbin/sysctl net.bpf.bufsize=4096');
- mwexec('/usr/bin/killall snort', true);
- sleep(2);
- mwexec('/usr/bin/killall -9 snort', true);
- sleep(2);
- mwexec('/usr/bin/killall barnyard2', true);
- sleep(2);
- mwexec('/usr/bin/killall -9 barnyard2', true);
- sleep(2);
- mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true);
- mwexec('/bin/rm -rf /usr/local/etc/snort*; /bin/rm -rf /usr/local/pkg/snort*', true);
- mwexec('/bin/rm -r /usr/local/bin/barnyard2', true);
- mwexec('/bin/rm -rf /usr/local/www/snort; /bin/rm -rf /var/log/snort; /bin/rm -rf /usr/local/lib/snort', true);
-
- /* Remove snort cron entries Ugly code needs smoothness*/
- if (!function_exists('snort_deinstall_cron')) {
- function snort_deinstall_cron($crontask) {
- global $config, $g;
-
- if(!is_array($config['cron']['item']))
- return;
-
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], $crontask)) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- if ($is_installed == true)
- unset($config['cron']['item'][$x]);
- }
- }
-
- snort_deinstall_cron("snort2c");
- snort_deinstall_cron("snort_check_for_rule_updates.php");
- snort_deinstall_cron("/usr/local/pkg/snort/snort_check_cron_misc.inc");
- configure_cron();
-
- /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
- /* Keep this as a last step */
- if ($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on')
- unset($config['installedpackages']['snortglobal']);
-}
-
-function generate_snort_conf($id, $if_real, $snort_uuid)
-{
- global $config, $g, $snort_pfsense_basever;
-
- if (!is_array($config['installedpackages']['snortglobal']['rule']))
- return;
-
- $snortcfg =& $config['installedpackages']['snortglobal']['rule'][$id];
-
- /* custom home nets */
- $home_net = create_snort_homenet($id, $if_real);
-
- if ($snortcfg['externallistname'] == 'default')
- $external_net = '!$HOME_NET';
- else
- $external_net = create_snort_externalnet($id, $if_real);
-
- /* obtain external interface */
- /* XXX: make multi wan friendly */
- $snort_ext_int = $snortcfg['interface'];
-
- /* user added arguments */
- $snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru']));
-
- /* create basic files */
- if (!is_dir("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}"))
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
-
- exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
- exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config");
- exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config");
- exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
- exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map");
- exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf");
- exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
-
- if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"))
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
-
- /* define basic log filename */
- $snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
-
- /* define snortalertlogtype */
- if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
- $snortalertlogtype_type = "output alert_fast: alert_{$snort_uuid}";
- else
- $snortalertlogtype_type = "output alert_full: alert_{$snort_uuid}";
-
- /* define alertsystemlog */
- $alertsystemlog_type = "";
- if ($snortcfg['alertsystemlog'] == "on")
- $alertsystemlog_type = "output alert_syslog: log_alert";
-
- /* define tcpdumplog */
- $tcpdumplog_type = "";
- if ($snortcfg['tcpdumplog'] == "on")
- $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump";
-
- /* define snortunifiedlog */
- $snortunifiedlog_type = "";
- if ($snortcfg['snortunifiedlog'] == "on")
- $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
-
- /* define spoink */
- $spoink_type = "";
- if ($snortcfg['blockoffenders7'] == "on") {
- if ($snortcfg['whitelistname'] == "default")
- $spoink_whitelist_name = 'defaultwlist';
- else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}"))
- $spoink_whitelist_name = $snortcfg['whitelistname'];
-
- $pfkill = "";
- if ($snortcfg['blockoffenderskill'] == "on")
- $pfkill = "kill";
-
- $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}";
- }
-
- /* define threshold file */
- $threshold_file_name = "";
- if ($snortcfg['suppresslistname'] != 'default') {
- if (file_exists("/usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}"))
- $threshold_file_name = "include /usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}";
- }
-
- /* define servers and ports snortdefservers */
- /* def DNS_SERVSERS */
- $def_dns_servers_info_chk = $snortcfg['def_dns_servers'];
- if ($def_dns_servers_info_chk == "")
- $def_dns_servers_type = "\$HOME_NET";
- else
- $def_dns_servers_type = "$def_dns_servers_info_chk";
-
- /* def DNS_PORTS */
- $def_dns_ports_info_chk = $snortcfg['def_dns_ports'];
- if ($def_dns_ports_info_chk == "")
- $def_dns_ports_type = "53";
- else
- $def_dns_ports_type = "$def_dns_ports_info_chk";
-
- /* def SMTP_SERVSERS */
- $def_smtp_servers_info_chk = $snortcfg['def_smtp_servers'];
- if ($def_smtp_servers_info_chk == "")
- $def_smtp_servers_type = "\$HOME_NET";
- else
- $def_smtp_servers_type = "$def_smtp_servers_info_chk";
-
- /* def SMTP_PORTS */
- $def_smtp_ports_info_chk = $snortcfg['def_smtp_ports'];
- if ($def_smtp_ports_info_chk == "")
- $def_smtp_ports_type = "25";
- else
- $def_smtp_ports_type = "$def_smtp_ports_info_chk";
-
- /* def MAIL_PORTS */
- $def_mail_ports_info_chk = $snortcfg['def_mail_ports'];
- if ($def_mail_ports_info_chk == "")
- $def_mail_ports_type = "25,143,465,691";
- else
- $def_mail_ports_type = "$def_mail_ports_info_chk";
-
- /* def HTTP_SERVSERS */
- $def_http_servers_info_chk = $snortcfg['def_http_servers'];
- if ($def_http_servers_info_chk == "")
- $def_http_servers_type = "\$HOME_NET";
- else
- $def_http_servers_type = "$def_http_servers_info_chk";
-
- /* def WWW_SERVSERS */
- $def_www_servers_info_chk = $snortcfg['def_www_servers'];
- if ($def_www_servers_info_chk == "")
- $def_www_servers_type = "\$HOME_NET";
- else
- $def_www_servers_type = "$def_www_servers_info_chk";
-
- /* def HTTP_PORTS */
- $def_http_ports_info_chk = $snortcfg['def_http_ports'];
- if ($def_http_ports_info_chk == "")
- $def_http_ports_type = "80";
- else
- $def_http_ports_type = "$def_http_ports_info_chk";
-
- /* def SQL_SERVSERS */
- $def_sql_servers_info_chk = $snortcfg['def_sql_servers'];
- if ($def_sql_servers_info_chk == "")
- $def_sql_servers_type = "\$HOME_NET";
- else
- $def_sql_servers_type = "$def_sql_servers_info_chk";
-
- /* def ORACLE_PORTS */
- $def_oracle_ports_info_chk = $snortcfg['def_oracle_ports'];
- if ($def_oracle_ports_info_chk == "")
- $def_oracle_ports_type = "1521";
- else
- $def_oracle_ports_type = "$def_oracle_ports_info_chk";
-
- /* def MSSQL_PORTS */
- $def_mssql_ports_info_chk = $snortcfg['def_mssql_ports'];
- if ($def_mssql_ports_info_chk == "")
- $def_mssql_ports_type = "1433";
- else
- $def_mssql_ports_type = "$def_mssql_ports_info_chk";
-
- /* def TELNET_SERVSERS */
- $def_telnet_servers_info_chk = $snortcfg['def_telnet_servers'];
- if ($def_telnet_servers_info_chk == "")
- $def_telnet_servers_type = "\$HOME_NET";
- else
- $def_telnet_servers_type = "$def_telnet_servers_info_chk";
-
- /* def TELNET_PORTS */
- $def_telnet_ports_info_chk = $snortcfg['def_telnet_ports'];
- if ($def_telnet_ports_info_chk == "")
- $def_telnet_ports_type = "23";
- else
- $def_telnet_ports_type = "$def_telnet_ports_info_chk";
-
- /* def SNMP_SERVSERS */
- $def_snmp_servers_info_chk = $snortcfg['def_snmp_servers'];
- if ($def_snmp_servers_info_chk == "")
- $def_snmp_servers_type = "\$HOME_NET";
- else
- $def_snmp_servers_type = "$def_snmp_servers_info_chk";
-
- /* def SNMP_PORTS */
- $def_snmp_ports_info_chk = $snortcfg['def_snmp_ports'];
- if ($def_snmp_ports_info_chk == "")
- $def_snmp_ports_type = "161";
- else
- $def_snmp_ports_type = "$def_snmp_ports_info_chk";
-
- /* def FTP_SERVSERS */
- $def_ftp_servers_info_chk = $snortcfg['def_ftp_servers'];
- if ($def_ftp_servers_info_chk == "")
- $def_ftp_servers_type = "\$HOME_NET";
- else
- $def_ftp_servers_type = "$def_ftp_servers_info_chk";
-
- /* def FTP_PORTS */
- $def_ftp_ports_info_chk = $snortcfg['def_ftp_ports'];
- if ($def_ftp_ports_info_chk == "")
- $def_ftp_ports_type = "21";
- else
- $def_ftp_ports_type = "$def_ftp_ports_info_chk";
-
- /* def SSH_SERVSERS */
- $def_ssh_servers_info_chk = $snortcfg['def_ssh_servers'];
- if ($def_ssh_servers_info_chk == "")
- $def_ssh_servers_type = "\$HOME_NET";
- else
- $def_ssh_servers_type = "$def_ssh_servers_info_chk";
-
- /* if user has defined a custom ssh port, use it */
- if(isset($config['system']['ssh']['port']))
- $ssh_port = $config['system']['ssh']['port'];
- else
- $ssh_port = "22";
-
- /* def SSH_PORTS */
- $def_ssh_ports_info_chk = $snortcfg['def_ssh_ports'];
- if ($def_ssh_ports_info_chk == "")
- $def_ssh_ports_type = "{$ssh_port}";
- else
- $def_ssh_ports_type = "$def_ssh_ports_info_chk";
-
- /* def POP_SERVSERS */
- $def_pop_servers_info_chk = $snortcfg['def_pop_servers'];
- if ($def_pop_servers_info_chk == "")
- $def_pop_servers_type = "\$HOME_NET";
- else
- $def_pop_servers_type = "$def_pop_servers_info_chk";
-
- /* def POP2_PORTS */
- $def_pop2_ports_info_chk = $snortcfg['def_pop2_ports'];
- if ($def_pop2_ports_info_chk == "")
- $def_pop2_ports_type = "109";
- else
- $def_pop2_ports_type = "$def_pop2_ports_info_chk";
-
- /* def POP3_PORTS */
- $def_pop3_ports_info_chk = $snortcfg['def_pop3_ports'];
- if ($def_pop3_ports_info_chk == "")
- $def_pop3_ports_type = "110";
- else
- $def_pop3_ports_type = "$def_pop3_ports_info_chk";
-
- /* def IMAP_SERVSERS */
- $def_imap_servers_info_chk = $snortcfg['def_imap_servers'];
- if ($def_imap_servers_info_chk == "")
- $def_imap_servers_type = "\$HOME_NET";
- else
- $def_imap_servers_type = "$def_imap_servers_info_chk";
-
- /* def IMAP_PORTS */
- $def_imap_ports_info_chk = $snortcfg['def_imap_ports'];
- if ($def_imap_ports_info_chk == "")
- $def_imap_ports_type = "143";
- else
- $def_imap_ports_type = "$def_imap_ports_info_chk";
-
- /* def SIP_PROXY_IP */
- $def_sip_proxy_ip_info_chk = $snortcfg['def_sip_proxy_ip'];
- if ($def_sip_proxy_ip_info_chk == "")
- $def_sip_proxy_ip_type = "\$HOME_NET";
- else
- $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
-
- /* def SIP_PROXY_PORTS */
- $def_sip_proxy_ports_info_chk = $snortcfg['def_sip_proxy_ports'];
- if ($def_sip_proxy_ports_info_chk == "")
- $def_sip_proxy_ports_type = "5060:5090,16384:32768";
- else
- $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
-
- /* def SIP_SERVERS */
- $def_sip_servers_info_chk = $snortcfg['def_sip_servers'];
- if ($def_sip_servers_info_chk == "")
- $def_sip_servers_type = "\$HOME_NET";
- else
- $def_sip_servers_type = "$def_sip_servers_info_chk";
-
- /* def SIP_PORTS */
- $def_sip_ports_info_chk = $snortcfg['def_sip_ports'];
- if ($def_sip_ports_info_chk == "")
- $def_sip_ports_type = "5060:5090,16384:32768";
- else
- $def_sip_ports_type = "$def_sip_ports_info_chk";
-
- /* def AUTH_PORTS */
- $def_auth_ports_info_chk = $snortcfg['def_auth_ports'];
- if ($def_auth_ports_info_chk == "")
- $def_auth_ports_type = "113";
- else
- $def_auth_ports_type = "$def_auth_ports_info_chk";
-
- /* def FINGER_PORTS */
- $def_finger_ports_info_chk = $snortcfg['def_finger_ports'];
- if ($def_finger_ports_info_chk == "")
- $def_finger_ports_type = "79";
- else
- $def_finger_ports_type = "$def_finger_ports_info_chk";
-
- /* def IRC_PORTS */
- $def_irc_ports_info_chk = $snortcfg['def_irc_ports'];
- if ($def_irc_ports_info_chk == "")
- $def_irc_ports_type = "6665,6666,6667,6668,6669,7000";
- else
- $def_irc_ports_type = "$def_irc_ports_info_chk";
-
- /* def NNTP_PORTS */
- $def_nntp_ports_info_chk = $snortcfg['def_nntp_ports'];
- if ($def_nntp_ports_info_chk == "")
- $def_nntp_ports_type = "119";
- else
- $def_nntp_ports_type = "$def_nntp_ports_info_chk";
-
- /* def RLOGIN_PORTS */
- $def_rlogin_ports_info_chk = $snortcfg['def_rlogin_ports'];
- if ($def_rlogin_ports_info_chk == "")
- $def_rlogin_ports_type = "513";
- else
- $def_rlogin_ports_type = "$def_rlogin_ports_info_chk";
-
- /* def RSH_PORTS */
- $def_rsh_ports_info_chk = $snortcfg['def_rsh_ports'];
- if ($def_rsh_ports_info_chk == "")
- $def_rsh_ports_type = "514";
- else
- $def_rsh_ports_type = "$def_rsh_ports_info_chk";
-
- /* def SSL_PORTS */
- $def_ssl_ports_info_chk = $snortcfg['def_ssl_ports'];
- if ($def_ssl_ports_info_chk == "")
- $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995";
- else
- $def_ssl_ports_type = "$def_ssl_ports_info_chk";
-
- /* if user is on pppoe, we really want to use ng0 interface */
- if ($snort_pfsense_basever == 'yes' && $snort_ext_int == "wan")
- $snort_ext_int = get_real_wan_interface();
-
- /* set the snort performance model */
- if($snortcfg['performance'])
- $snort_performance = $snortcfg['performance'];
- else
- $snort_performance = "ac-bnfa";
-
-
- /* generate rule sections to load */
- $enabled_rulesets = $snortcfg['rulesets'];
- $selected_rules_sections = "";
- if (!empty($enabled_rulesets)) {
- $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
- foreach($enabled_rulesets_array as $enabled_item)
- $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
- }
-
- /////////////////////////////
-
- /* preprocessor code */
-
- /* def perform_stat */
- $snort_perform_stat = <<<EOD
-
-##########################
- #
-# NEW #
-# Performance Statistics #
- #
-##########################
-
-preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$if_real}{$snort_uuid}/snort_{$snort_uuid}_{$if_real}.stats pktcnt 10000
-
-EOD;
-
- $def_perform_stat_info_chk = $snortcfg['perform_stat'];
- if ($def_perform_stat_info_chk == "on")
- $def_perform_stat_type = "$snort_perform_stat";
- else
- $def_perform_stat_type = "";
-
- $def_flow_depth_info_chk = $snortcfg['flow_depth'];
- if (empty($def_flow_depth_info_chk))
- $def_flow_depth_type = '0';
- else
- $def_flow_depth_type = $snortcfg['flow_depth'];
-
- /* def http_inspect */
- $snort_http_inspect = <<<EOD
-
-#################
- #
-# HTTP Inspect #
- #
-#################
-
-preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
-
-# TODO: pfsense GUI needed for ports
-preprocessor http_inspect_server: server default \
- http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \
- ports { 80 8080 } \
- non_strict \
- non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
- flow_depth {$def_flow_depth_type} \
- apache_whitespace no \
- directory no \
- iis_backslash no \
- u_encode yes \
- extended_response_inspection \
- inspect_gzip \
- normalize_utf \
- unlimited_decompress \
- ascii no \
- chunk_length 500000 \
- bare_byte yes \
- double_decode yes \
- iis_unicode no \
- iis_delimiter no \
- multi_slash no \
- server_flow_depth 0 \
- client_flow_depth 0 \
- post_depth 65495 \
- oversize_dir_length 500 \
- max_header_length 750 \
- max_headers 100 \
- max_spaces 0 \
- small_chunk_length { 10 5 } \
- enable_cookie \
- normalize_javascript \
- utf_8 no \
- webroot no
-
-EOD;
-
- $def_http_inspect_info_chk = $snortcfg['http_inspect'];
- if ($def_http_inspect_info_chk == "on")
- $def_http_inspect_type = "$snort_http_inspect";
- else
- $def_http_inspect_type = "";
-
- /* def other_preprocs */
- $snort_other_preprocs = <<<EOD
-
-##################
- #
-# Other preprocs #
- #
-##################
-
-preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
-preprocessor bo
-
-EOD;
-
- $def_other_preprocs_info_chk = $snortcfg['other_preprocs'];
- if ($def_other_preprocs_info_chk == "on")
- $def_other_preprocs_type = "$snort_other_preprocs";
- else
- $def_other_preprocs_type = "";
-
- /* def ftp_preprocessor */
- $snort_ftp_preprocessor = <<<EOD
-
-#####################
- #
-# ftp preprocessor #
- #
-#####################
-
-preprocessor ftp_telnet: global \
- inspection_type stateful \
- encrypted_traffic no
-
-preprocessor ftp_telnet_protocol: telnet \
- normalize \
- ayt_attack_thresh 200 \
- detect_anomalies
-
-preprocessor ftp_telnet_protocol: \
- ftp server default \
- def_max_param_len 100 \
- # TODO add pfsense GUI
- ports { 21 } \
- telnet_cmds yes \
- ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \
- ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \
- ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \
- ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \
- ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \
- ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \
- ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \
- ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \
- ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \
- ftp_cmds { XSEN XSHA1 XSHA256 } \
- alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \
- alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \
- alt_max_param_len 256 { CWD RNTO } \
- alt_max_param_len 400 { PORT } \
- alt_max_param_len 512 { SIZE } \
- chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \
- chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \
- chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \
- chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \
- chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \
- chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \
- chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \
- chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \
- cmd_validity ALLO < int [ char R int ] > \
- cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \
- cmd_validity MACB < string > \
- cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
- cmd_validity MODE < char ASBCZ > \
- cmd_validity PORT < host_port > \
- cmd_validity PROT < char CSEP > \
- cmd_validity STRU < char FRPO [ string ] > \
- cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } >
-
-preprocessor ftp_telnet_protocol: ftp client default \
- max_resp_len 256 \
- bounce yes \
- telnet_cmds yes
-
-EOD;
-
- $def_ftp_preprocessor_info_chk = $snortcfg['ftp_preprocessor'];
- if ($def_ftp_preprocessor_info_chk == "on")
- $def_ftp_preprocessor_type = "$snort_ftp_preprocessor";
- else
- $def_ftp_preprocessor_type = "";
-
- /* def smtp_preprocessor */
- $snort_smtp_preprocessor = <<<EOD
-
-#####################
- #
-# SMTP preprocessor #
- #
-#####################
-
-# TODO add pfsense GUI
-preprocessor SMTP: ports { 25 465 691 } \
- inspection_type stateful \
- b64_decode_depth 0 \
- qp_decode_depth 0 \
- bitenc_decode_depth 0 \
- uu_decode_depth 0 \
- log_mailfrom \
- log_rcptto \
- log_filename \
- log_email_hdrs \
- normalize cmds \
- normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \
- normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
- normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
- normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
- max_command_line_len 512 \
- max_header_line_len 1000 \
- max_response_line_len 512 \
- alt_max_command_line_len 260 { MAIL } \
- alt_max_command_line_len 300 { RCPT } \
- alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
- alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
- alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
- valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \
- valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
- valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
- valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
- xlink2state { enabled }
-
-EOD;
-
- $def_smtp_preprocessor_info_chk = $snortcfg['smtp_preprocessor'];
- if ($def_smtp_preprocessor_info_chk == "on")
- $def_smtp_preprocessor_type = "$snort_smtp_preprocessor";
- else
- $def_smtp_preprocessor_type = "";
-
- /* def sf_portscan */
- $snort_sf_portscan = <<<EOD
-
-################
- #
-# sf Portscan #
- #
-################
-
-preprocessor sfportscan: scan_type { all } \
- proto { all } \
- memcap { 10000000 } \
- sense_level { medium } \
- ignore_scanners { \$HOME_NET }
-
-EOD;
-
- $def_sf_portscan_info_chk = $snortcfg['sf_portscan'];
- if ($def_sf_portscan_info_chk == "on")
- $def_sf_portscan_type = "$snort_sf_portscan";
- else
- $def_sf_portscan_type = "";
-
- /* def dce_rpc_2 */
- $snort_dce_rpc_2 = <<<EOD
-
-###############
- #
-# NEW #
-# DCE/RPC 2 #
- #
-###############
-
-preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
-preprocessor dcerpc2_server: default, policy WinXP, \
- detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
- autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
- smb_max_chain 3, \
- smb_invalid_shares ["C$", "D$", "ADMIN$"]
-
-EOD;
-
- $def_dce_rpc_2_info_chk = $snortcfg['dce_rpc_2'];
- if ($def_dce_rpc_2_info_chk == "on")
- $def_dce_rpc_2_type = "$snort_dce_rpc_2";
- else
- $def_dce_rpc_2_type = "";
-
- /* def dns_preprocessor */
- $snort_dns_preprocessor = <<<EOD
-
-####################
- #
-# DNS preprocessor #
- #
-####################
-
-# TODO add pfsense GUI
-preprocessor dns: \
- ports { 53 } \
- enable_rdata_overflow
-
-EOD;
-
- $def_dns_preprocessor_info_chk = $snortcfg['dns_preprocessor'];
- if ($def_dns_preprocessor_info_chk == "on")
- $def_dns_preprocessor_type = "$snort_dns_preprocessor";
- else
- $def_dns_preprocessor_type = "";
-
- /* def SSL_PORTS IGNORE */
- $def_ssl_ports_ignore_info_chk = $snortcfg['def_ssl_ports_ignore'];
- if ($def_ssl_ports_ignore_info_chk == "")
- $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995";
- else
- $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk";
-
- /* stream5 queued settings */
-
-
- $def_max_queued_bytes_info_chk = $snortcfg['max_queued_bytes'];
- if ($def_max_queued_bytes_info_chk == '')
- $def_max_queued_bytes_type = '';
- else
- $def_max_queued_bytes_type = ' max_queued_bytes ' . $snortcfg['max_queued_bytes'] . ',';
-
- $def_max_queued_segs_info_chk = $snortcfg['max_queued_segs'];
- if ($def_max_queued_segs_info_chk == '')
- $def_max_queued_segs_type = '';
- else
- $def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ',';
-
- $snort_preprocessor_decoder_rules = "";
- if (file_exists("/usr/local/etc/snort/preproc_rules/preprocessor.rules"))
- $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
- if (file_exists("/usr/local/etc/snort/preproc_rules/decoder.rules"))
- $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
-
- /* build snort configuration file */
- $snort_conf_text = <<<EOD
-
-##############################################################################
-# #
-# snort configuration file generated by the pfSense package manager system #
-# see /usr/local/pkg/snort.inc # #
-# for snort ver. 2.9.2.3 #
-# more information Snort can be found at http://www.snort.org/ #
-# #
-##############################################################################
-
-#########################
- #
-# Define Local Network #
- #
-#########################
-
-# TODO: bug, auto gen is adding extra 127.0.0.1
-ipvar HOME_NET {$home_net}
-ipvar EXTERNAL_NET {$external_net}
-
-###################
- #
-# Define Servers #
- #
-###################
-
-ipvar DNS_SERVERS [{$def_dns_servers_type}]
-ipvar SMTP_SERVERS [{$def_smtp_servers_type}]
-ipvar HTTP_SERVERS [{$def_http_servers_type}]
-ipvar SQL_SERVERS [{$def_sql_servers_type}]
-ipvar TELNET_SERVERS [{$def_telnet_servers_type}]
-ipvar FTP_SERVERS [{$def_ftp_servers_type}]
-ipvar SSH_SERVERS [{$def_ssh_servers_type}]
-ipvar SIP_PROXY_IP [{$def_sip_proxy_ip_type}]
-ipvar SIP_SERVERS [{$def_sip_servers_type}]
-ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
-# def below may have been removed
-ipvar POP_SERVERS [{$def_pop_servers_type}]
-ipvar IMAP_SERVERS [{$def_imap_servers_type}]
-ipvar RPC_SERVERS [\$HOME_NET]
-ipvar WWW_SERVERS [{$def_www_servers_type}]
-ipvar SNMP_SERVERS [{$def_snmp_servers_type}]
-
-
-########################
- #
-# Define Server Ports #
- #
-########################
-
-portvar HTTP_PORTS [{$def_http_ports_type}]
-portvar SHELLCODE_PORTS !80
-portvar ORACLE_PORTS [{$def_oracle_ports_type}]
-portvar FTP_PORTS [{$def_ftp_ports_type}]
-portvar SSH_PORTS [{$def_ssh_ports_type}]
-portvar SIP_PORTS [{$def_sip_ports_type}]
-### Below ports need new gui ###
-portvar FILE_DATA_PORTS [\$HTTP_PORTS,110,143]
-portvar GTP_PORTS [2123,2152,3386]
-portvar MODBUS_PORTS [502]
-portvar DNP3_PORTS [20000]
-# These ports may have been removed left here so no custom rules break
-portvar AUTH_PORTS [{$def_auth_ports_type}]
-portvar DNS_PORTS [{$def_dns_ports_type}]
-portvar FINGER_PORTS [{$def_finger_ports_type}]
-portvar IMAP_PORTS [{$def_imap_ports_type}]
-portvar IRC_PORTS [{$def_irc_ports_type}]
-portvar MSSQL_PORTS [{$def_mssql_ports_type}]
-portvar NNTP_PORTS [{$def_nntp_ports_type}]
-portvar POP2_PORTS [{$def_pop2_ports_type}]
-portvar POP3_PORTS [{$def_pop3_ports_type}]
-portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779]
-portvar RLOGIN_PORTS [{$def_rlogin_ports_type}]
-portvar RSH_PORTS [{$def_rsh_ports_type}]
-portvar SMB_PORTS [139,445]
-portvar SMTP_PORTS [{$def_smtp_ports_type}]
-portvar SNMP_PORTS [{$def_snmp_ports_type}]
-portvar TELNET_PORTS [{$def_telnet_ports_type}]
-portvar MAIL_PORTS [{$def_mail_ports_type}]
-portvar SSL_PORTS [{$def_sip_proxy_ports_type}]
-portvar SIP_PROXY_PORTS [{$def_sip_ports_type}]
-
-# These ports may have been removed left here so no custom rules break
-# DCERPC NCACN-IP-TCP
-portvar DCERPC_NCACN_IP_TCP [139,445]
-portvar DCERPC_NCADG_IP_UDP [138,1024:]
-portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:]
-portvar DCERPC_NCACN_UDP_LONG [135,1024:]
-portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:]
-portvar DCERPC_NCACN_TCP [2103,2105,2107]
-portvar DCERPC_BRIGHTSTORE [6503,6504]
-
-
-#####################
- #
-# Define Rule Paths #
- #
-#####################
-
-var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules
-var PREPROC_RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/preproc_rules
-var SO_RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/so_rules
-
-#############################################################
-# #
-# reputation preprocessor, ALWAYS USE FULL PATHS, BUG 89986 #
-# #
-#############################################################
-
-#var WHITE_LIST_PATH ../rules
-#var BLACK_LIST_PATH ../rules
-
-################################
- #
-# Configure the snort decoder #
- #
-################################
-
-config checksum_mode: all
-config disable_decode_alerts
-config disable_tcpopt_experimental_alerts
-config disable_tcpopt_obsolete_alerts
-config disable_ttcp_alerts
-config disable_tcpopt_alerts
-config disable_tcpopt_ttcp_alerts
-config disable_ipopt_alerts
-config disable_decode_drops
-
-################ The following is for inline mode tunning ################
-
-# config enable_decode_oversized_alerts
-# config enable_decode_oversized_drops
-# config flowbits_size: 64
-
-#### make sure I enable gui for this ##########
-# config ignore_ports: tcp 21 6667:6671 1356 #
-# config ignore_ports: udp 1:17 53 #
-###############################################
-
-# Configure active response for non inline
-# config response: eth0 attempts 2
-
-# Configure DAQ related options for inline mode
-#
-# config daq: <type>
-# config daq_dir: <dir>
-# config daq_mode: <mode>
-# config daq_var: <var>
-#
-# <type> ::= pcap | afpacket | dump | nfq | ipq | ipfw
-# <mode> ::= read-file | passive | inline
-# <var> ::= arbitrary <name>=<value passed to DAQ
-# <dir> ::= path as to where to look for DAQ module so's
-
-## gui needed for pfsense ##
-# config daq: afpacket
-
-#############################################################
-
-########################################
-# Configure specific UID and GID
-# to run snort as after dropping privs
-#
-# config set_gid:
-# config set_uid:
-########################################
-
-########################################
-#
-# Configure default snaplen. Snort
-# defaults to MTU of in use interface
-#
-# config snaplen:
-#
-# TODO: gui needed for pfsense
-#
-########################################
-
-################################################################
-#
-# Configure default bpf_file to use for filtering what traffic
-# reaches snort. options (-F)
-#
-# config bpf_file:
-#
-# TODO: gui needed for pfsense
-#
-###############################################################
-
-#####################################################################
-#
-# Configure default log directory for snort to log to. options (-l)
-#
-# config logdir:
-#
-#####################################################################
-
-###################################
- #
-# Configure the detection engine #
-# Use lower memory models #
- #
-###################################
-
-# TODO: gui needed for pfsense
-# Configure PCRE match limitations
-config pcre_match_limit: 3500
-config pcre_match_limit_recursion: 1500
-
-#############################################################################
-# #
-# Configure the detection engine #
-# Use lower memory models for pfsense #
-# #
-# #
-# Notes #
-# #
-# ac, ac-q, ac-bnfa, ac-bnfa-q, lowmem, lowmem-q #
-# ac-split shorthand for search-method ac, split-any-any, intel-cpm,ac-nq, #
-# ac-bnfa-nq This is the default search method if none is specified. #
-# lowmem-nq, ac-std, acs, ac-banded, ac-sparsebands #
-# #
-#############################################################################
-
-config detection: search-method {$snort_performance} search-optimize max-pattern-len 20
-config event_queue: max_queue 8 log 3 order_events content_length
-
-###################################################
-# Configure GTP if it is to be used
-####################################################
-
-# TODO: gui needed for pfsense
-# config enable_gtp
-
-###################################################
-# Per packet and rule latency enforcement, README.ppm
-###################################################
-
-# Per Packet latency configuration
-#config ppm: max-pkt-time 250, \
-# fastpath-expensive-packets, \
-# pkt-log
-
-# Per Rule latency configuration
-#config ppm: max-rule-time 200, \
-# threshold 3, \
-# suspend-expensive-rules, \
-# suspend-timeout 20, \
-# rule-log alert
-
-###################################################
-# Configure Perf Profiling for debugging, README.PerfProfiling
-###################################################
-
-#config profile_rules: print all, sort avg_ticks
-#config profile_preprocs: print all, sort avg_ticks
-
-###################################################
-# Configure protocol aware flushing. README.stream5
-###################################################
-config paf_max: 16000
-
-##################################################
-# Configure dynamic loaded libraries
-##################################################
-
-dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor
-dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
-dynamicdetection directory /usr/local/lib/snort/dynamicrules
-
-###################
- #
-# Flow and stream #
- #
-###################
-
-# TODO: gui needed for pfsense
-# GTP Control Channle Preprocessor, README.GTP
-preprocessor gtp: ports { 2123 3386 2152 }
-
-####################################################
-# Inline packet normalization, README.normalize
-# Does nothing in IDS mode
-#
-# preprocessor normalize_ip4
-# preprocessor normalize_tcp: ips ecn stream
-# preprocessor normalize_icmp4
-# preprocessor normalize_ip6
-# preprocessor normalize_icmp6
-####################################################
-
-# this tuning ,may need testing
-preprocessor frag3_global: max_frags 65536
-preprocessor frag3_engine: policy bsd detect_anomalies
-
-preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp yes, max_tcp 262144, max_udp 131072, max_active_responses 2, min_response_seconds 5
-
-preprocessor stream5_tcp: policy BSD, ports both all, timeout 180, {$def_max_queued_bytes_type}{$def_max_queued_segs_type}
-preprocessor stream5_udp: timeout 180
-preprocessor stream5_icmp:
-
- {$def_perform_stat_type}
-
- {$def_http_inspect_type}
-
- {$def_other_preprocs_type}
-
- {$def_ftp_preprocessor_type}
-
- {$def_smtp_preprocessor_type}
-
- {$def_sf_portscan_type}
-
-########################
- #
-# ARP spoof detection. #
- #
-########################
-
-# preprocessor arpspoof
-# preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
-
-##########################
- #
-# SSH anomaly detection #
- #
-##########################
-
-preprocessor ssh: server_ports { 22 } \
- autodetect \
- max_client_bytes 19600 \
- max_encrypted_packets 20 \
- max_server_version_len 100 \
- enable_respoverflow enable_ssh1crc32 \
- enable_srvoverflow enable_protomismatch
-
-
- {$def_dce_rpc_2_type}
-
- {$def_dns_preprocessor_type}
-
-##############################
- #
-# NEW #
-# Ignore SSL and Encryption #
- #
-##############################
-
-preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspect_encrypted
-
-
-###########################################################
- #
-# SDF sensitive data preprocessor, README.sensitive_data #
- #
-###########################################################
-
-# TODO: add pfsense GUI
-preprocessor sensitive_data: alert_threshold 20
-
-#############################################################
- #
-# SIP Session Initiation Protocol preprocessor, README.sip #
- #
-#############################################################
-
-# TODO: add pfsense GUI
-preprocessor sip: max_sessions 40000, \
- ports { 5060 5061 5600 }, \
- methods { invite \
- cancel \
- ack \
- bye \
- register \
- options \
- refer \
- subscribe \
- update \
- join \
- info \
- message \
- notify \
- benotify \
- do \
- qauth \
- sprack \
- publish \
- service \
- unsubscribe \
- prack }, \
- max_uri_len 512, \
- max_call_id_len 80, \
- max_requestName_len 20, \
- max_from_len 256, \
- max_to_len 256, \
- max_via_len 1024, \
- max_contact_len 512, \
- max_content_len 2048
-
-##################################
- #
-# IMAP preprocessor, README.imap #
- #
-##################################
-
-# TODO: add pfsense GUI
-preprocessor imap: \
- ports { 143 } \
- b64_decode_depth 0 \
- qp_decode_depth 0 \
- bitenc_decode_depth 0 \
- uu_decode_depth 0
-
-##################################
- #
-# POP preprocessor, README.pop #
- #
-##################################
-
-# TODO: add pfsense GUI
-preprocessor pop: \
- ports { 110 } \
- b64_decode_depth 0 \
- qp_decode_depth 0 \
- bitenc_decode_depth 0 \
- uu_decode_depth 0
-
-#######################################
- #
-# Modbus preprocessor, README.modbus #
-# Used for SCADA #
- #
-#######################################
-
-# TODO: add pfsense GUI
-preprocessor modbus: ports { 502 }
-
-
-###############################################
- #
-# DNP3 preprocessor, EADME.dnp3 #
- #
-###############################################
-
-# TODO: add pfsense GUI
-preprocessor dnp3: ports { 20000 } \
- memcap 262144 \
- check_crc
-
-###############################################
- #
-# Reputation preprocessor, README.reputation #
- #
-###############################################
-
-#preprocessor reputation: \
-# memcap 500, \
-# priority whitelist, \
-# nested_ip inner, \
-# whitelist $WHITE_LIST_PATH/white_list.rules, \
-# blacklist $BLACK_LIST_PATH/black_list.rules
-
-
-#####################
- #
-# Snort Output Logs #
- #
-#####################
-
-$snortunifiedlogbasic_type
-$snortalertlogtype_type
-$alertsystemlog_type
-$tcpdumplog_type
-$snortmysqllog_info_chk
-$snortunifiedlog_type
-$spoink_type
-
-#################
- #
-# Misc Includes #
- #
-#################
-
-include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
-include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
-{$snort_preprocessor_decoder_rules}
-
-$threshold_file_name
-
-# Snort user pass through configuration
-{$snort_config_pass_thru}
-
-###################
- #
-# Rules Selection #
- #
-###################
-
- {$selected_rules_sections}
-
-EOD;
-
- return $snort_conf_text;
-}
-
-/* hide progress bar */
-function hide_progress_bar_status() {
- global $snort_filename, $snort_filename_md5, $console_mode;
-
- ob_flush();
- if(!$console_mode)
- echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
-}
-
-/* unhide progress bar */
-function unhide_progress_bar_status() {
- global $snort_filename, $snort_filename_md5, $console_mode;
-
- ob_flush();
- if(!$console_mode)
- echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>";
-}
-
-/* update both top and bottom text box during an operation */
-function update_all_status($status) {
- global $snort_filename, $snort_filename_md5, $console_mode;
-
- ob_flush();
- if(!$console_mode) {
- update_status($status);
- update_output_window($status);
- }
-}
-
-######## new
-
-// returns array that matches pattern, option to replace objects in matches
-function snortScanDirFilter($arrayList, $pattmatch, $pattreplace, $pattreplacewith)
-{
- foreach ( $arrayList as $val )
- {
- if (preg_match($pattmatch, $val, $matches)) {
- if ($pattreplace != '') {
- $matches2 = preg_replace($pattreplace, $pattreplacewith, $matches[0]);
- $filterDirList[] = $matches2;
- }else{
- $filterDirList[] = $matches[0];
- }
- }
- }
- return $filterDirList;
-}
-
-?>
+<?php +/* + snort.inc + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009-2010 Robert Zelaya + Copyright (C) 2011 Ermal Luci + part of pfSense + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("pfsense-utils.inc"); +require_once("config.inc"); +require_once("functions.inc"); + +// Needed on 2.0 because of filter_get_vpns_list() +require_once("filter.inc"); + +/* package version */ +$snort_package_version = 'Snort 2.9.2.3 pkg v. 2.2'; +$snort_rules_file = "snortrules-snapshot-2922.tar.gz"; + +/* Allow additional execution time 0 = no limit. */ +ini_set('max_execution_time', '9999'); +ini_set('max_input_time', '9999'); + +/* define oinkid */ +if ($config['installedpackages']['snortglobal']) + $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; +else + $config['installedpackages']['snortglobal'] = array(); + +/* find out if were in 1.2.3-RELEASE */ +if (intval($config['version']) > 6) + $snort_pfsense_basever = 'no'; +else + $snort_pfsense_basever = 'yes'; + +/* find out what arch where in x86 , x64 */ +global $snort_arch; +$snort_arch = 'x86'; +$snort_arch_ck = php_uname("m"); +if ($snort_arch_ck == 'i386') + $snort_arch = 'x86'; +else if ($snort_arch_ck == "amd64") + $snort_arch = 'x64'; +else + $snort_arch = "Unknown"; + +/* tell me my theme */ +$pfsense_theme_is = $config['theme']; + +/* func builds custom white lists */ +function find_whitelist_key($find_wlist_number) { + global $config, $g; + + if (!is_array($config['installedpackages']['snortglobal']['whitelist'])) + $config['installedpackages']['snortglobal']['whitelist'] = array(); + if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + return 0; /* XXX */ + + foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $w_key => $value) { + if ($value['name'] == $find_wlist_number) + return $w_key; + } +} + +/* func builds custom suppress lists */ +function find_suppress_key($find_slist_number) { + global $config, $g; + + if (!is_array($config['installedpackages']['snortglobal']['suppress'])) + $config['installedpackages']['snortglobal']['suppress'] = array(); + if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) + return 0; /* XXX */ + + foreach ($config['installedpackages']['snortglobal']['suppress']['item'] as $s_key => $value) { + if ($value['name'] == $find_slist_number) + return $s_key; + } +} + +/* func builds custom whitelests */ +function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) { + global $config, $g, $snort_pfsense_basever; + + /* build an interface array list */ + if (function_exists('get_configured_interface_list')) + $int_array = get_configured_interface_list(); + else { + $int_array = array('lan'); + for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) + if(isset($config['interfaces']['opt' . $j]['enable'])) + if(isset($config['interfaces']['opt' . $j]['gateway'])) + $int_array[] = "opt{$j}"; + } + + $home_net = ""; + + /* iterate through interface list and write out whitelist items + * and also compile a home_net list for snort. + */ + foreach ($int_array as $int) { + /* calculate interface subnet information */ + if (function_exists('get_interface_ip')) { + $subnet = get_interface_ip($int); + if (is_ipaddr($subnet)) { + $sn = get_interface_subnet($int); + $home_net .= "{$subnet}/{$sn} "; + } + } else { + $ifcfg = $config['interfaces'][$int]; + switch ($ifcfg['ipaddr']) { + case "pppoe": + case "pptp": + case "l2tp": + if (function_exists('get_interface_ip')) + $subnet = get_interface_ip($int); + else + $subnet = find_interface_ip("ng0"); + + if (is_ipaddr($subnet)) + $home_net .= "{$subnet} "; + break; + case "dhcp": + $subnet = find_interface_ip(snort_get_real_interface($int)); + if (is_ipaddr($subnet)) + $home_net .= "{$subnet} "; + break; + default: + if (is_ipaddr($ifcfg['ipaddr'])) { + $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); + if ($ifcfg['subnet']) + $home_net .= "{$subnet}/{$ifcfg['subnet']} "; + } + break; + } + } + } + + if ($snort_pfsense_basever == 'yes' && $wanip == 'yes') { + /* add all WAN ips to the whitelist */ + $wan_if = get_real_wan_interface(); + $ip = find_interface_ip($wan_if); + if (is_ipaddr($ip)) + $home_net .= "{$ip} "; + } + + if ($wangw == 'yes') { + /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ + $gw = get_interface_gateway('wan'); + if($gw) + $home_net .= "{$gw} "; + } + + if($wandns == 'yes') { + /* Add DNS server for WAN interface to whitelist */ + $dns_servers = get_dns_servers(); + foreach ($dns_servers as $dns) { + if($dns) + $home_net .= "{$dns} "; + } + } + + if($vips == 'yes') { + /* iterate all vips and add to whitelist */ + if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { + foreach($config['virtualip']['vip'] as $vip) + if($vip['subnet']) + $home_net .= "{$vip['subnet']} "; + } + } + + /* Add loopback to whitelist (ftphelper) */ + $home_net .= "127.0.0.1 "; + + /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */ + if ($vpns == 'yes') { + if ($snort_pfsense_basever == 'yes') // chk what pfsense version were on + $vpns_list = get_vpns_list(); + else if ($snort_pfsense_basever == 'no') // chk what pfsense version were on + $vpns_list = filter_get_vpns_list(); + + if (!empty($vpns_list)) + $home_net .= "{$vpns_list} "; + } + + /* never ever compair numbers to words */ + if ($userwips > -1) { + if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); + + $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address']; + } + + $home_net = trim($home_net); + + /* this foe whitelistfile, convert spaces to carriage returns */ + if ($build_netlist == 'whitelist') { + $whitelist_home_net = str_replace(" ", "\n", $home_net); + $whitelist_home_net = str_replace(" ", "\n", $home_net); + return $whitelist_home_net; + } + + /* this is for snort.conf */ + $validator = explode(" ", $home_net); + $valresult = array(); + foreach ($validator as $vald) { + if (empty($vald)) + continue; + $valresult[] = $vald; + } + $home_net = implode(",", $valresult); + $home_net = "[{$home_net}]"; + + return $home_net; +} + + +/* checks to see if snort is running yes/no and stop/start */ +function Running_Ck($snort_uuid, $if_real, $id) { + global $config; + + $snort_uph = 'no'; + $snort_up_prell = exec("/bin/pgrep -f 'snort.*R {$snort_uuid}'"); + if ($snort_up_prell != '') + $snort_uph = 'yes'; + + return $snort_uph; +} + +/* checks to see if barnyard2 is running yes/no */ +function Running_Ck_b($snort_uuid, $if_real, $id) { + global $config; + + $snort_up_b = 'no'; + $snort_up_pre_b = exec("/bin/pgrep -f 'barnyard2.*{$snort_uuid}_{$if_real}'"); + if ($snort_up_pre_b != '') + $snort_up_b = 'yes'; + + return $snort_up_b; +} + +function Running_Stop($snort_uuid, $if_real, $id) { + global $config, $g; + + /* if snort.sh crashed this will remove the pid */ + @unlink("{$g['tmp_path']}/snort.sh.pid"); + + $start_up = exec("/bin/pgrep -f 'snort.*R {$snort_uuid}'"); + $start_upb = exec("/bin/pgrep -f 'barnyard2.*{$snort_uuid}_{$if_real}'"); + + + /* + * TODO: Add a GUI option that lets the user keep full logs + */ + if ($start_up != '') { + @exec("/bin/kill {$start_up}"); + @exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*"); + @exec("/bin/rm /var/log/snort/{$snort_uuid}_{$if_real}/snort.u1*"); + @exec("/bin/rm /var/log/snort/{$snort_uuid}_{$if_real}/snort.u2*"); + } + + if ($start_upb != '') { + @exec("/bin/kill {$start_upb}"); + @exec("/bin/rm /var/log/snort/run/barnyard2_{$snort_uuid}_{$if_real}*"); + @exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u1*"); + @exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u2*"); + } + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'"); + sleep(2); // Give time so GUI displays correctly +} + +function Running_Start($snort_uuid, $if_real, $id) { + global $config; + + /* if snort.sh crashed this will remove the pid */ + @unlink("{$g['tmp_path']}/snort.sh.pid"); + + $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; + if ($snort_info_chk == 'on') + exec("/usr/local/bin/snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort/{$snort_uuid}_{$if_real} --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + else + return; + + /* define snortbarnyardlog_chk */ + /* top will have trouble if the uuid is to far back */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + if ($snortbarnyardlog_info_chk == 'on') { + exec("/usr/local/bin/barnyard2 -f \"snort.u2\" --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/{$snort_uuid}_{$if_real} -D -q"); + } + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'"); + sleep(2); // Give time so GUI displays correctly +} + +function snort_get_friendly_interface($interface) { + + if (function_exists('convert_friendly_interface_to_friendly_descr')) + $iface = convert_friendly_interface_to_friendly_descr($interface); + else { + if (!$interface || ($interface == "wan")) + $iface = "WAN"; + else if(strtolower($interface) == "lan") + $iface = "LAN"; + else if(strtolower($interface) == "pppoe") + $iface = "PPPoE"; + else if(strtolower($interface) == "pptp") + $iface = "PPTP"; + else + $iface = strtoupper($interface); + } + + return $iface; +} + +/* get the real iface name of wan */ +function snort_get_real_interface($interface) { + global $config; + + $lc_interface = strtolower($interface); + if (function_exists('get_real_interface')) + return get_real_interface($lc_interface); + else { + if ($lc_interface == "lan") { + if ($config['inerfaces']['lan']) + return $config['interfaces']['lan']['if']; + return $interface; + } + if ($lc_interface == "wan") + return $config['interfaces']['wan']['if']; + $ifdescrs = array(); + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { + $ifname = "opt{$j}"; + if(strtolower($ifname) == $lc_interface) + return $config['interfaces'][$ifname]['if']; + if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface)) + return $config['interfaces'][$ifname]['if']; + } + } + + return $interface; +} + +/* + this code block is for deleteing logs while keeping the newest file, + snort is linked to these files while running, do not take the easy way out + by touch and rm, snort will lose sync and not log. + + this code needs to be watched. + */ + +/* list dir files */ +function snort_file_list($snort_log_dir, $snort_log_file) +{ + $dir = opendir ("$snort_log_dir"); + while (false !== ($file = readdir($dir))) { + if (strpos($file, "$snort_log_file",1) ) + $file_list[] = basename($file); + } + return $file_list; +} + +/* snort dir files */ +function snort_file_sort($snort_file1, $snort_file2) +{ + if ($snort_file1 == $snort_file2) + return 0; + + return ($snort_file1 < $snort_file2); // ? -1 : 1; // this flips the array +} + +/* build files newest first array */ +function snort_build_order($snort_list) +{ + foreach ($snort_list as $value_list) + $list_order[] = $value_list; + + return $list_order; +} + +/* keep the newest remove the rest */ +function snort_remove_files($snort_list_rm, $snort_file_safe) +{ + foreach ($snort_list_rm as $value_list) { + if ($value_list != $snort_file_safe) + @unlink("/var/log/snort/$value_list"); + else + file_put_contents("/var/log/snort/$snort_file_safe", ""); + } +} + +/* + * TODO: + * This is called by snort_alerts.php. + * + * This func needs to be made to only clear one interface rule log + * at a time. + * + */ +function post_delete_logs() +{ + global $config, $g; + + /* do not start config build if rules is empty */ + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return; + + $snort_log_dir = '/var/log/snort'; + + foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { + $result_lan = $value['interface']; + $if_real = snort_get_real_interface($result_lan); + $snort_uuid = $value['uuid']; + + if ($if_real != '' && $snort_uuid != '') { + if ($value['snortunifiedlog'] == 'on') { + $snort_log_file_u2 = "snort.u2."; + $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2); + if (is_array($snort_list_u2)) { + usort($snort_list_u2, "snort_file_sort"); + $snort_u2_rm_list = snort_build_order($snort_list_u2); + snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]); + } + } else + exec("/bin/rm $snort_log_dir/{$snort_uuid}_{$if_real}/snort.u2*"); + + if ($value['tcpdumplog'] == 'on') { + $snort_log_file_tcpd = "snort.tcpdump."; + $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd); + if (is_array($snort_list_tcpd)) { + usort($snort_list_tcpd, "snort_file_sort"); + $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd); + snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]); + } + } else + exec("/bin/rm $snort_log_dir/{$snort_uuid}_{$if_real}/snort.tcpdump*"); + + /* create barnyard2 configuration file */ + //if ($value['barnyard_enable'] == 'on') + //create_barnyard2_conf($id, $if_real, $snort_uuid); + + if ($value['perform_stat'] == 'on') + @file_put_contents("$snort_log_dirt/{$snort_uuid}_{$if_real}/snort.stats", ""); + } + } +} + +function snort_postinstall() +{ + global $config, $g, $snort_pfsense_basever, $snort_arch; + + /* snort -> advanced features */ + if (is_array($config['installedpackages']['snortglobal'])) { + $bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize']; + $bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize']; + $bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns']; + } + + /* cleanup default files */ + @rename('/usr/local/etc/snort/snort.conf-sample', '/usr/local/etc/snort/snort.conf'); + @rename('/usr/local/etc/snort/threshold.conf-sample', '/usr/local/etc/snort/threshold.conf'); + @rename('/usr/local/etc/snort/sid-msg.map-sample', '/usr/local/etc/snort/sid-msg.map'); + @rename('/usr/local/etc/snort/unicode.map-sample', '/usr/local/etc/snort/unicode.map'); + @rename('/usr/local/etc/snort/classification.config-sample', '/usr/local/etc/snort/classification.config'); + @rename('/usr/local/etc/snort/generators-sample', '/usr/local/etc/snort/generators'); + @rename('/usr/local/etc/snort/reference.config-sample', '/usr/local/etc/snort/reference.config'); + @rename('/usr/local/etc/snort/gen-msg.map-sample', '/usr/local/etc/snort/gen-msg.map'); + @unlink('/usr/local/etc/snort/sid'); + @unlink('/usr/local/etc/rc.d/snort'); + @unlink('/usr/local/etc/rc.d/bardyard2'); + + /* remove example files */ + if (file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0')) + exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*'); + + if (file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so')) + exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*'); + + /* create a few directories and ensure the sample files are in place */ + if (!is_dir('/usr/local/etc/snort')) + exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules'); + if (!is_dir('/usr/local/etc/snort/whitelist')) + exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/'); + /* NOTE: the diff between the if check and the exec() extra run is by design */ + if (!is_dir('/var/log/snort')) + exec('/bin/mkdir -p /var/log/snort/run'); + else + exec('/bin/rm -r /var/log/snort/*; /bin/mkdir -p /var/log/snort/run'); + + if (!is_dir('/var/log/snort/barnyard2')) + exec('/bin/mkdir -p /var/log/snort/barnyard2'); + if (!is_dir('/usr/local/lib/snort/dynamicrules/')) + exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); + if (!file_exists('/var/db/whitelist')) + touch('/var/db/whitelist'); + + /* XXX: These are needed if you run snort as snort user + mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); + mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); + mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); + */ + /* important */ + mwexec('/bin/chmod 660 /var/db/whitelist', true); + mwexec('/bin/chmod -R 660 /usr/local/etc/snort/*', true); + mwexec('/bin/chmod -R 660 /tmp/snort*', true); + mwexec('/bin/chmod -R 660 /var/run/snort*', true); + mwexec('/bin/chmod -R 660 /var/snort/run/*', true); + mwexec('/bin/chmod 770 /usr/local/lib/snort', true); + mwexec('/bin/chmod 770 /usr/local/etc/snort', true); + mwexec('/bin/chmod 770 /usr/local/etc/whitelist', true); + mwexec('/bin/chmod 770 /var/log/snort', true); + mwexec('/bin/chmod 770 /var/log/snort/run', true); + mwexec('/bin/chmod 770 /var/log/snort/barnyard2', true); + + /* move files around, make it look clean */ + mwexec('/bin/mkdir -p /usr/local/www/snort/css'); + mwexec('/bin/mkdir -p /usr/local/www/snort/images'); + + chdir ("/usr/local/www/snort/css/"); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style.css'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/sexybuttons.css'); + chdir("/usr/local/www/snort/images/"); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/alert.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-asc.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-desc.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon_excli.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/arrow_down.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/awesome-overlay-sprite.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo22.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/page_white_text.png'); + + /* remake saved settings */ + if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { + update_status(gettext("Saved settings detected...")); + update_output_window(gettext("Please wait... rebuilding files...")); + sync_snort_package_config(); + update_output_window(gettext("Finnished Rebuilding files...")); + } +} + +function snort_Getdirsize($node) { + if(!is_readable($node)) + return false; + + $blah = exec( "/usr/bin/du -kd $node" ); + return substr( $blah, 0, strpos($blah, 9) ); +} + +/* func for log dir size limit cron */ +function snort_snortloglimit_install_cron($should_install) { + global $config, $g; + + if (!is_array($config['cron']['item'])) + $config['cron']['item'] = array(); + + $x=0; + $is_installed = false; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], '/usr/local/pkg/snort/snort_check_cron_misc.inc')) { + $is_installed = true; + break; + } + $x++; + } + + switch($should_install) { + case true: + if(!$is_installed) { + + $cron_item = array(); + $cron_item['minute'] = "*/5"; + $cron_item['hour'] = "*"; + $cron_item['mday'] = "*"; + $cron_item['month'] = "*"; + $cron_item['wday'] = "*"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc"; + $config['cron']['item'][] = $cron_item; + } + break; + case false: + if($is_installed == true) + unset($config['cron']['item'][$x]); + break; + } +} + +/* func for updating cron */ +function snort_rm_blocked_install_cron($should_install) { + global $config, $g; + + if (!is_array($config['cron']['item'])) + $config['cron']['item'] = array(); + + $x=0; + $is_installed = false; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], "snort2c")) { + $is_installed = true; + break; + } + $x++; + } + + $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; + if ($snort_rm_blocked_info_ck == "1h_b") { + $snort_rm_blocked_min = "*/5"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "3600"; + } + if ($snort_rm_blocked_info_ck == "3h_b") { + $snort_rm_blocked_min = "*/15"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "10800"; + } + if ($snort_rm_blocked_info_ck == "6h_b") { + $snort_rm_blocked_min = "*/30"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "21600"; + } + if ($snort_rm_blocked_info_ck == "12h_b") { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/1"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "43200"; + } + if ($snort_rm_blocked_info_ck == "1d_b") { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/2"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "86400"; + } + if ($snort_rm_blocked_info_ck == "4d_b") { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/8"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "345600"; + } + if ($snort_rm_blocked_info_ck == "7d_b") { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/14"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "604800"; + } + if ($snort_rm_blocked_info_ck == "28d_b") { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "0"; + $snort_rm_blocked_mday = "*/2"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "2419200"; + } + switch($should_install) { + case true: + if(!$is_installed) { + $cron_item = array(); + $cron_item['minute'] = "$snort_rm_blocked_min"; + $cron_item['hour'] = "$snort_rm_blocked_hr"; + $cron_item['mday'] = "$snort_rm_blocked_mday"; + $cron_item['month'] = "$snort_rm_blocked_month"; + $cron_item['wday'] = "$snort_rm_blocked_wday"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; + $config['cron']['item'][] = $cron_item; + } + break; + case false: + if ($is_installed == true) + unset($config['cron']['item'][$x]); + break; + } +} + +/* func to install snort update */ +function snort_rules_up_install_cron($should_install) { + global $config, $g; + + if(!$config['cron']['item']) + $config['cron']['item'] = array(); + + $x=0; + $is_installed = false; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], "snort_check_for_rule_updates.php")) { + $is_installed = true; + break; + } + $x++; + } + $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; + if ($snort_rules_up_info_ck == "6h_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "*/6"; + $snort_rules_up_mday = "*"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "12h_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "*/12"; + $snort_rules_up_mday = "*"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "1d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/1"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "4d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/4"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "7d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/7"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "28d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/28"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + switch($should_install) { + case true: + if(!$is_installed) { + $cron_item = array(); + $cron_item['minute'] = "$snort_rules_up_min"; + $cron_item['hour'] = "$snort_rules_up_hr"; + $cron_item['mday'] = "$snort_rules_up_mday"; + $cron_item['month'] = "$snort_rules_up_month"; + $cron_item['wday'] = "$snort_rules_up_wday"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log"; + $config['cron']['item'][] = $cron_item; + } + break; + case false: + if($is_installed == true) + unset($config['cron']['item'][$x]); + break; + } +} + +/* Only run when all ifaces needed to sync. Expects filesystem rw */ +function sync_snort_package_config() +{ + global $config, $g; + + /* RedDevil suggested code */ + /* TODO: more testing needs to be done */ + /* may cause voip to fail */ + //exec("/sbin/sysctl net.bpf.bufsize=8388608"); + //exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); + //exec("/sbin/sysctl net.bpf.maxinsns=512"); + //exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); + + conf_mount_rw(); + + /* do not start config build if rules is empty */ + if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); + conf_mount_ro(); + return; + } + + foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { + $if_real = snort_get_real_interface($value['interface']); + $snort_uuid = $value['uuid']; + + if ($if_real != '' && $snort_uuid != '') { + + /* only build whitelist when needed */ + if ($value['blockoffenders7'] == 'on') + create_snort_whitelist($id, $if_real); + + /* only build threshold when needed */ + if ($value['suppresslistname'] != 'default') + create_snort_suppress($id, $if_real); + + /* create snort configuration file */ + create_snort_conf($id, $if_real, $snort_uuid); + + /* if rules exist cp rules to each iface */ + create_rules_iface($id, $if_real, $snort_uuid); + + /* create barnyard2 configuration file */ + if ($value['barnyard_enable'] == 'on') + create_barnyard2_conf($id, $if_real, $snort_uuid); + } + } + + /* create snort bootup file snort.sh only create once */ + create_snort_sh(); + + /* all new files are for the user snort nologin */ + if (!is_dir("/var/log/snort/{$snort_uuid}_{$if_real}")) + exec("/bin/mkdir -p /var/log/snort/{$snort_uuid}_{$if_real}"); + + if (!is_dir('/var/log/snort/run')) + exec('/bin/mkdir -p /var/log/snort/run'); + + if (!is_dir("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}")) + exec("/bin/mkdir -p /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}"); + + /* XXX: These are needed if snort is run as snort user + mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); + mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); + mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); + */ + + /* important */ + mwexec('/bin/chmod 770 /var/db/whitelist', true); + mwexec('/bin/chmod 770 /var/run/snort*', true); + mwexec('/bin/chmod 770 /tmp/snort*', true); + mwexec('/bin/chmod -R 770 /var/log/snort', true); + mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true); + mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true); + + conf_mount_ro(); +} + +/* Start of main config files */ + +/* create threshold file */ +function create_snort_suppress($id, $if_real) { + global $config, $g; + + /* make sure dir is there */ + if (!is_dir('/usr/local/etc/snort/suppress')) + exec('/bin/mkdir -p /usr/local/etc/snort/suppress'); + + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return; + + if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') { + $whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']); + + /* file name */ + $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name']; + + /* Message */ + $s_data = '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n"; + + /* user added arguments */ + $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru'])); + + /* open snort's whitelist for writing */ + @file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data); + } +} + +function create_snort_whitelist($id, $if_real) { + global $config, $g; + + /* make sure dir is there */ + if (!is_dir('/usr/local/etc/snort/whitelist')) + exec('/bin/mkdir -p /usr/local/etc/snort/whitelist'); + + if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') { + + $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); + + /* open snort's whitelist for writing */ + @file_put_contents("/usr/local/etc/snort/whitelist/defaultwlist", $w_data); + + } else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) { + $whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']); + + if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + return; + + $whitelist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]; + $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'], + $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w); + + /* open snort's whitelist for writing */ + @file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data); + } +} + +function create_snort_homenet($id, $if_real) { + global $config, $g; + + if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '') + return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); + else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'])) { + $whitelist_key_h = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['homelistname']); + + if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + return; + + $build_netlist_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['snortlisttype']; + $wanip_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wanips']; + $wangw_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wangateips']; + $wandns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wandnsips']; + $vips_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vips']; + $vpns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vpnips']; + + return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h); + } +} + +function create_snort_externalnet($id, $if_real) { + global $config, $g; + + if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'])) { + $whitelist_key_ex = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['externallistname']); + + if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + return; + + $build_netlist_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype']; + $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips']; + $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips']; + $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips']; + $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips']; + $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips']; + + return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex); + } +} + +/* open snort.sh for writing" */ +function create_snort_sh() +{ + global $config, $g; + + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return; + + $snortconf =& $config['installedpackages']['snortglobal']['rule']; + + $snort_sh_text3 = array(); + $snort_sh_text4 = array(); + + /* do not start config build if rules is empty */ + if (!empty($snortconf)) { + foreach ($snortconf as $value) { + $snort_uuid = $value['uuid']; + $result_lan = $value['interface']; + $if_real = snort_get_real_interface($result_lan); + + /* define snortbarnyardlog_chk */ + $snortbarnyardlog_info_chk = $value['barnyard_enable']; + + if ($snortbarnyardlog_info_chk == 'on') + $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort.u2 --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/{$snort_uuid}_{$if_real} -D -q"; + + $snort_sh_text3[] = <<<EOE + +###### For Each Iface + +#### Fake start only used on bootup and Pfsense IP changes +#### Only try to restart if snort is running on Iface +if [ "`/bin/pgrep -f 'snort.*R {$snort_uuid}'`" != "" ]; then + snort_pid=`/bin/pgrep -f 'snort.*R {$snort_uuid}'` + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart" + + #### Restart Iface + /bin/kill -HUP \${snort_pid} + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..." +else + # Start snort and barnyard2 + /bin/echo "snort.sh run" > /tmp/snort.sh.pid + /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid + + /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/{$snort_uuid}_{$if_real} --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} + $start_barnyard2 + + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD START For {$snort_uuid}_{$if_real}..." +fi + +EOE; + + $snort_sh_text4[] = <<<EOF + +pid_s=`/bin/pgrep -f 'snort.*R {$snort_uuid}'` +sleep 3 +pid_b=`/bin/pgrep -f 'barnyard2.*{$snort_uuid}_{$if_real}'` +if [ \${pid_s} ] ; then + + /bin/echo "snort.sh run" > /tmp/snort.sh.pid + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..." + + /bin/kill \${pid_s} + sleep 3 + /bin/kill \${pid_b} + + /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid +fi + +EOF; + } + } + + + $start_snort_iface_start = implode("\n\n", $snort_sh_text3); + $start_snort_iface_stop = implode("\n\n", $snort_sh_text4); + + $snort_sh_text = <<<EOD +#!/bin/sh +######## +# This file was automatically generated +# by the pfSense service handler. +# Code added to protect from double starts on pfSense bootup +######## Begining of Main snort.sh + +rc_start() { + + /bin/echo "snort.sh run" > /tmp/snort.sh.pid + $start_snort_iface_start + /bin/rm /tmp/snort.sh.pid +} + +rc_stop() { + + $start_snort_iface_stop + /bin/rm /tmp/snort.sh.pid + /bin/rm /var/run/snort* + +} + +case $1 in + start) + rc_start + ;; + stop) + rc_stop + ;; + restart) + rc_start + ;; +esac + +EOD; + + /* write out snort.sh */ + $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w"); + if(!$bconf) { + log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing."); + return; + } + fwrite($bconf, $snort_sh_text); + fclose($bconf); + @chmod("/usr/local/etc/rc.d/snort.sh", 0755); +} + +/* if rules exist copy to new interfaces */ +function create_rules_iface($id, $if_real, $snort_uuid) +{ + global $config, $g; + + $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"; + $folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full'; + + if ($folder_chk == "empty") { + if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules")) + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"); + exec("/bin/cp /usr/local/etc/snort/rules/* {$if_rule_dir}/rules"); + if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules")) + exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules"); + } +} + +/* open barnyard2.conf for writing */ +function create_barnyard2_conf($id, $if_real, $snort_uuid) { + global $config, $g; + + if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) + exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); + + if (!file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/barnyard2.waldo")) { + mwexec("/usr/bin/touch /var/log/snort/{$snort_uuid}_{$if_real}/barnyard2.waldo", true); + /* XXX: This is needed if snort is run as snort user */ + //mwexec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true); + mwexec("/bin/chmod 770 /var/log/snort/{$snort_uuid}_{$if_real}/barnyard2.waldo", true); + } + + $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid); + + /* write out barnyard2_conf */ + $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w"); + if(!$bconf) { + log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing."); + return; + } + fwrite($bconf, $barnyard2_conf_text); + fclose($bconf); +} + +/* open barnyard2.conf for writing" */ +function generate_barnyard2_conf($id, $if_real, $snort_uuid) { + global $config, $g; + + /* define snortbarnyardlog */ + /* TODO: add support for the other 5 output plugins */ + + $snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; + $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname"); + /* user add arguments */ + $snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru'])); + + $barnyard2_conf_text = <<<EOD + +# barnyard2.conf +# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php +# +# set the appropriate paths to the file(s) your Snort process is using + +config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config +config classification_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config +config gen_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map +config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map + +config hostname: $snortbarnyardlog_hostname_info_chk +config interface: {$snort_uuid}_{$if_real} +config decode_data_link +config waldo_file: /var/log/snort/{$snort_uuid}_{$if_real}/barnyard2.waldo + +## START user pass through ## + + {$snortbarnyardlog_config_pass_thru} + +## END user pass through ## + +# Step 2: setup the input plugins +input unified2 + +config logdir: /var/log/snort/{$snort_uuid}_{$if_real} + +# database: log to a variety of databases +# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx + + $snortbarnyardlog_database_info_chk + +EOD; + + return $barnyard2_conf_text; +} + +function create_snort_conf($id, $if_real, $snort_uuid) +{ + global $config, $g; + + if (!empty($if_real)&& !empty($snort_uuid)) { + if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) { + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf"); + } + + $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid); + if (empty($snort_conf_text)) + return; + + /* write out snort.conf */ + $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w"); + if(!$conf) { + log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing."); + return -1; + } + fwrite($conf, $snort_conf_text); + fclose($conf); + } +} + +function snort_deinstall() { + global $config, $g; + + /* remove custom sysctl */ + remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); + + /* decrease bpf buffers back to 4096, from 20480 */ + exec('/sbin/sysctl net.bpf.bufsize=4096'); + mwexec('/usr/bin/killall snort', true); + sleep(2); + mwexec('/usr/bin/killall -9 snort', true); + sleep(2); + mwexec('/usr/bin/killall barnyard2', true); + sleep(2); + mwexec('/usr/bin/killall -9 barnyard2', true); + sleep(2); + mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true); + mwexec('/bin/rm -rf /usr/local/etc/snort*; /bin/rm -rf /usr/local/pkg/snort*', true); + mwexec('/bin/rm -r /usr/local/bin/barnyard2', true); + mwexec('/bin/rm -rf /usr/local/www/snort; /bin/rm -rf /var/log/snort; /bin/rm -rf /usr/local/lib/snort', true); + + /* Remove snort cron entries Ugly code needs smoothness*/ + if (!function_exists('snort_deinstall_cron')) { + function snort_deinstall_cron($crontask) { + global $config, $g; + + if(!is_array($config['cron']['item'])) + return; + + $x=0; + $is_installed = false; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], $crontask)) { + $is_installed = true; + break; + } + $x++; + } + if ($is_installed == true) + unset($config['cron']['item'][$x]); + } + } + + snort_deinstall_cron("snort2c"); + snort_deinstall_cron("snort_check_for_rule_updates.php"); + snort_deinstall_cron("/usr/local/pkg/snort/snort_check_cron_misc.inc"); + configure_cron(); + + /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ + /* Keep this as a last step */ + if ($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') + unset($config['installedpackages']['snortglobal']); +} + +function generate_snort_conf($id, $if_real, $snort_uuid) +{ + global $config, $g, $snort_pfsense_basever; + + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return; + + $snortcfg =& $config['installedpackages']['snortglobal']['rule'][$id]; + + /* custom home nets */ + $home_net = create_snort_homenet($id, $if_real); + + if ($snortcfg['externallistname'] == 'default') + $external_net = '!$HOME_NET'; + else + $external_net = create_snort_externalnet($id, $if_real); + + /* obtain external interface */ + /* XXX: make multi wan friendly */ + $snort_ext_int = $snortcfg['interface']; + + /* user added arguments */ + $snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru'])); + + /* create basic files */ + if (!is_dir("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}")) + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + + exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map"); + exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config"); + exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config"); + exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map"); + exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map"); + exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf"); + exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); + + if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules")) + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"); + + /* define basic log filename */ + $snortunifiedlogbasic_type = ""; + if ($snortcfg['snortunifiedlogbasic'] == "on") + $snortunifiedlogbasic_type = "output unified: filename snort.u1, limit 128"; + + /* + * + * define cvs log filename + * this should be the default instead of alert_full it is much easier to parse + * + */ + $snortalertcvs_type = ""; + if ($snortcfg['snortalertcvs'] == "on") + $snortalertcvs_type = "output alert_csv: /var/log/alert.csv default 128"; + + /* define snortalertlogtype */ + if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast") + $snortalertlogtype_type = "output alert_fast: alert"; + else + $snortalertlogtype_type = "output alert_full: alert"; + + /* define alertsystemlog */ + $alertsystemlog_type = ""; + if ($snortcfg['alertsystemlog'] == "on") + $alertsystemlog_type = "output alert_syslog: log_alert"; + + /* define tcpdumplog */ + $tcpdumplog_type = ""; + if ($snortcfg['tcpdumplog'] == "on") + $tcpdumplog_type = "output log_tcpdump: snort.tcpdump"; + + /* define snortunifiedlog */ + $snortunifiedlog_type = ""; + if ($snortcfg['snortunifiedlog'] == "on") + $snortunifiedlog_type = "output unified2: filename snort.u2, limit 128"; + + /* define spoink */ + $spoink_type = ""; + if ($snortcfg['blockoffenders7'] == "on") { + if ($snortcfg['whitelistname'] == "default") + $spoink_whitelist_name = 'defaultwlist'; + else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}")) + $spoink_whitelist_name = $snortcfg['whitelistname']; + + $pfkill = ""; + if ($snortcfg['blockoffenderskill'] == "on") + $pfkill = "kill"; + + $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}"; + } + + /* define threshold file */ + $threshold_file_name = ""; + if ($snortcfg['suppresslistname'] != 'default') { + if (file_exists("/usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}")) + $threshold_file_name = "include /usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}"; + } + + /* define servers and ports snortdefservers */ + /* def DNS_SERVSERS */ + $def_dns_servers_info_chk = $snortcfg['def_dns_servers']; + if ($def_dns_servers_info_chk == "") + $def_dns_servers_type = "\$HOME_NET"; + else + $def_dns_servers_type = "$def_dns_servers_info_chk"; + + /* def DNS_PORTS */ + $def_dns_ports_info_chk = $snortcfg['def_dns_ports']; + if ($def_dns_ports_info_chk == "") + $def_dns_ports_type = "53"; + else + $def_dns_ports_type = "$def_dns_ports_info_chk"; + + /* def SMTP_SERVSERS */ + $def_smtp_servers_info_chk = $snortcfg['def_smtp_servers']; + if ($def_smtp_servers_info_chk == "") + $def_smtp_servers_type = "\$HOME_NET"; + else + $def_smtp_servers_type = "$def_smtp_servers_info_chk"; + + /* def SMTP_PORTS */ + $def_smtp_ports_info_chk = $snortcfg['def_smtp_ports']; + if ($def_smtp_ports_info_chk == "") + $def_smtp_ports_type = "25"; + else + $def_smtp_ports_type = "$def_smtp_ports_info_chk"; + + /* def MAIL_PORTS */ + $def_mail_ports_info_chk = $snortcfg['def_mail_ports']; + if ($def_mail_ports_info_chk == "") + $def_mail_ports_type = "25,143,465,691"; + else + $def_mail_ports_type = "$def_mail_ports_info_chk"; + + /* def HTTP_SERVSERS */ + $def_http_servers_info_chk = $snortcfg['def_http_servers']; + if ($def_http_servers_info_chk == "") + $def_http_servers_type = "\$HOME_NET"; + else + $def_http_servers_type = "$def_http_servers_info_chk"; + + /* def WWW_SERVSERS */ + $def_www_servers_info_chk = $snortcfg['def_www_servers']; + if ($def_www_servers_info_chk == "") + $def_www_servers_type = "\$HOME_NET"; + else + $def_www_servers_type = "$def_www_servers_info_chk"; + + /* def HTTP_PORTS */ + $def_http_ports_info_chk = $snortcfg['def_http_ports']; + if ($def_http_ports_info_chk == "") + $def_http_ports_type = "80"; + else + $def_http_ports_type = "$def_http_ports_info_chk"; + + /* def SQL_SERVSERS */ + $def_sql_servers_info_chk = $snortcfg['def_sql_servers']; + if ($def_sql_servers_info_chk == "") + $def_sql_servers_type = "\$HOME_NET"; + else + $def_sql_servers_type = "$def_sql_servers_info_chk"; + + /* def ORACLE_PORTS */ + $def_oracle_ports_info_chk = $snortcfg['def_oracle_ports']; + if ($def_oracle_ports_info_chk == "") + $def_oracle_ports_type = "1521"; + else + $def_oracle_ports_type = "$def_oracle_ports_info_chk"; + + /* def MSSQL_PORTS */ + $def_mssql_ports_info_chk = $snortcfg['def_mssql_ports']; + if ($def_mssql_ports_info_chk == "") + $def_mssql_ports_type = "1433"; + else + $def_mssql_ports_type = "$def_mssql_ports_info_chk"; + + /* def TELNET_SERVSERS */ + $def_telnet_servers_info_chk = $snortcfg['def_telnet_servers']; + if ($def_telnet_servers_info_chk == "") + $def_telnet_servers_type = "\$HOME_NET"; + else + $def_telnet_servers_type = "$def_telnet_servers_info_chk"; + + /* def TELNET_PORTS */ + $def_telnet_ports_info_chk = $snortcfg['def_telnet_ports']; + if ($def_telnet_ports_info_chk == "") + $def_telnet_ports_type = "23"; + else + $def_telnet_ports_type = "$def_telnet_ports_info_chk"; + + /* def SNMP_SERVSERS */ + $def_snmp_servers_info_chk = $snortcfg['def_snmp_servers']; + if ($def_snmp_servers_info_chk == "") + $def_snmp_servers_type = "\$HOME_NET"; + else + $def_snmp_servers_type = "$def_snmp_servers_info_chk"; + + /* def SNMP_PORTS */ + $def_snmp_ports_info_chk = $snortcfg['def_snmp_ports']; + if ($def_snmp_ports_info_chk == "") + $def_snmp_ports_type = "161"; + else + $def_snmp_ports_type = "$def_snmp_ports_info_chk"; + + /* def FTP_SERVSERS */ + $def_ftp_servers_info_chk = $snortcfg['def_ftp_servers']; + if ($def_ftp_servers_info_chk == "") + $def_ftp_servers_type = "\$HOME_NET"; + else + $def_ftp_servers_type = "$def_ftp_servers_info_chk"; + + /* def FTP_PORTS */ + $def_ftp_ports_info_chk = $snortcfg['def_ftp_ports']; + if ($def_ftp_ports_info_chk == "") + $def_ftp_ports_type = "21"; + else + $def_ftp_ports_type = "$def_ftp_ports_info_chk"; + + /* def SSH_SERVSERS */ + $def_ssh_servers_info_chk = $snortcfg['def_ssh_servers']; + if ($def_ssh_servers_info_chk == "") + $def_ssh_servers_type = "\$HOME_NET"; + else + $def_ssh_servers_type = "$def_ssh_servers_info_chk"; + + /* if user has defined a custom ssh port, use it */ + if(isset($config['system']['ssh']['port'])) + $ssh_port = $config['system']['ssh']['port']; + else + $ssh_port = "22"; + + /* def SSH_PORTS */ + $def_ssh_ports_info_chk = $snortcfg['def_ssh_ports']; + if ($def_ssh_ports_info_chk == "") + $def_ssh_ports_type = "{$ssh_port}"; + else + $def_ssh_ports_type = "$def_ssh_ports_info_chk"; + + /* def POP_SERVSERS */ + $def_pop_servers_info_chk = $snortcfg['def_pop_servers']; + if ($def_pop_servers_info_chk == "") + $def_pop_servers_type = "\$HOME_NET"; + else + $def_pop_servers_type = "$def_pop_servers_info_chk"; + + /* def POP2_PORTS */ + $def_pop2_ports_info_chk = $snortcfg['def_pop2_ports']; + if ($def_pop2_ports_info_chk == "") + $def_pop2_ports_type = "109"; + else + $def_pop2_ports_type = "$def_pop2_ports_info_chk"; + + /* def POP3_PORTS */ + $def_pop3_ports_info_chk = $snortcfg['def_pop3_ports']; + if ($def_pop3_ports_info_chk == "") + $def_pop3_ports_type = "110"; + else + $def_pop3_ports_type = "$def_pop3_ports_info_chk"; + + /* def IMAP_SERVSERS */ + $def_imap_servers_info_chk = $snortcfg['def_imap_servers']; + if ($def_imap_servers_info_chk == "") + $def_imap_servers_type = "\$HOME_NET"; + else + $def_imap_servers_type = "$def_imap_servers_info_chk"; + + /* def IMAP_PORTS */ + $def_imap_ports_info_chk = $snortcfg['def_imap_ports']; + if ($def_imap_ports_info_chk == "") + $def_imap_ports_type = "143"; + else + $def_imap_ports_type = "$def_imap_ports_info_chk"; + + /* def SIP_PROXY_IP */ + $def_sip_proxy_ip_info_chk = $snortcfg['def_sip_proxy_ip']; + if ($def_sip_proxy_ip_info_chk == "") + $def_sip_proxy_ip_type = "\$HOME_NET"; + else + $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk"; + + /* def SIP_PROXY_PORTS */ + $def_sip_proxy_ports_info_chk = $snortcfg['def_sip_proxy_ports']; + if ($def_sip_proxy_ports_info_chk == "") + $def_sip_proxy_ports_type = "5060:5090,16384:32768"; + else + $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk"; + + /* def SIP_SERVERS */ + $def_sip_servers_info_chk = $snortcfg['def_sip_servers']; + if ($def_sip_servers_info_chk == "") + $def_sip_servers_type = "\$HOME_NET"; + else + $def_sip_servers_type = "$def_sip_servers_info_chk"; + + /* def SIP_PORTS */ + $def_sip_ports_info_chk = $snortcfg['def_sip_ports']; + if ($def_sip_ports_info_chk == "") + $def_sip_ports_type = "5060:5090,16384:32768"; + else + $def_sip_ports_type = "$def_sip_ports_info_chk"; + + /* def AUTH_PORTS */ + $def_auth_ports_info_chk = $snortcfg['def_auth_ports']; + if ($def_auth_ports_info_chk == "") + $def_auth_ports_type = "113"; + else + $def_auth_ports_type = "$def_auth_ports_info_chk"; + + /* def FINGER_PORTS */ + $def_finger_ports_info_chk = $snortcfg['def_finger_ports']; + if ($def_finger_ports_info_chk == "") + $def_finger_ports_type = "79"; + else + $def_finger_ports_type = "$def_finger_ports_info_chk"; + + /* def IRC_PORTS */ + $def_irc_ports_info_chk = $snortcfg['def_irc_ports']; + if ($def_irc_ports_info_chk == "") + $def_irc_ports_type = "6665,6666,6667,6668,6669,7000"; + else + $def_irc_ports_type = "$def_irc_ports_info_chk"; + + /* def NNTP_PORTS */ + $def_nntp_ports_info_chk = $snortcfg['def_nntp_ports']; + if ($def_nntp_ports_info_chk == "") + $def_nntp_ports_type = "119"; + else + $def_nntp_ports_type = "$def_nntp_ports_info_chk"; + + /* def RLOGIN_PORTS */ + $def_rlogin_ports_info_chk = $snortcfg['def_rlogin_ports']; + if ($def_rlogin_ports_info_chk == "") + $def_rlogin_ports_type = "513"; + else + $def_rlogin_ports_type = "$def_rlogin_ports_info_chk"; + + /* def RSH_PORTS */ + $def_rsh_ports_info_chk = $snortcfg['def_rsh_ports']; + if ($def_rsh_ports_info_chk == "") + $def_rsh_ports_type = "514"; + else + $def_rsh_ports_type = "$def_rsh_ports_info_chk"; + + /* def SSL_PORTS */ + $def_ssl_ports_info_chk = $snortcfg['def_ssl_ports']; + if ($def_ssl_ports_info_chk == "") + $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995"; + else + $def_ssl_ports_type = "$def_ssl_ports_info_chk"; + + /* if user is on pppoe, we really want to use ng0 interface */ + if ($snort_pfsense_basever == 'yes' && $snort_ext_int == "wan") + $snort_ext_int = get_real_wan_interface(); + + /* set the snort performance model */ + if($snortcfg['performance']) + $snort_performance = $snortcfg['performance']; + else + $snort_performance = "ac-bnfa"; + + + /* generate rule sections to load */ + $enabled_rulesets = $snortcfg['rulesets']; + $selected_rules_sections = ""; + if (!empty($enabled_rulesets)) { + $enabled_rulesets_array = split("\|\|", $enabled_rulesets); + foreach($enabled_rulesets_array as $enabled_item) + $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; + } + + ///////////////////////////// + + /* preprocessor code */ + + /* def perform_stat */ + $snort_perform_stat = <<<EOD + +########################## + # +# NEW # +# Performance Statistics # + # +########################## + +preprocessor perfmonitor: time 300 file /var/log/snort/{$snort_uuid}_{$if_real}/snort.stats pktcnt 10000 + +EOD; + + $def_perform_stat_info_chk = $snortcfg['perform_stat']; + if ($def_perform_stat_info_chk == "on") + $def_perform_stat_type = "$snort_perform_stat"; + else + $def_perform_stat_type = ""; + + $def_flow_depth_info_chk = $snortcfg['flow_depth']; + if (empty($def_flow_depth_info_chk)) + $def_flow_depth_type = '0'; + else + $def_flow_depth_type = $snortcfg['flow_depth']; + + /* def http_inspect */ + $snort_http_inspect = <<<EOD + +################# + # +# HTTP Inspect # + # +################# + +preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 + +# TODO: pfsense GUI needed for ports +preprocessor http_inspect_server: server default \ + http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \ + ports { 80 8080 } \ + non_strict \ + non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ + flow_depth {$def_flow_depth_type} \ + apache_whitespace no \ + directory no \ + iis_backslash no \ + u_encode yes \ + extended_response_inspection \ + inspect_gzip \ + normalize_utf \ + unlimited_decompress \ + ascii no \ + chunk_length 500000 \ + bare_byte yes \ + double_decode yes \ + iis_unicode no \ + iis_delimiter no \ + multi_slash no \ + server_flow_depth 0 \ + client_flow_depth 0 \ + post_depth 65495 \ + oversize_dir_length 500 \ + max_header_length 750 \ + max_headers 100 \ + max_spaces 0 \ + small_chunk_length { 10 5 } \ + enable_cookie \ + normalize_javascript \ + utf_8 no \ + webroot no + +EOD; + + $def_http_inspect_info_chk = $snortcfg['http_inspect']; + if ($def_http_inspect_info_chk == "on") + $def_http_inspect_type = "$snort_http_inspect"; + else + $def_http_inspect_type = ""; + + /* def other_preprocs */ + $snort_other_preprocs = <<<EOD + +################## + # +# Other preprocs # + # +################## + +preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 +preprocessor bo + +EOD; + + $def_other_preprocs_info_chk = $snortcfg['other_preprocs']; + if ($def_other_preprocs_info_chk == "on") + $def_other_preprocs_type = "$snort_other_preprocs"; + else + $def_other_preprocs_type = ""; + + /* def ftp_preprocessor */ + $snort_ftp_preprocessor = <<<EOD + +##################### + # +# ftp preprocessor # + # +##################### + +preprocessor ftp_telnet: global \ + inspection_type stateful \ + encrypted_traffic no + +preprocessor ftp_telnet_protocol: telnet \ + normalize \ + ayt_attack_thresh 200 \ + detect_anomalies + +preprocessor ftp_telnet_protocol: \ + ftp server default \ + def_max_param_len 100 \ + # TODO add pfsense GUI + ports { 21 } \ + telnet_cmds yes \ + ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \ + ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \ + ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \ + ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \ + ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \ + ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \ + ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \ + ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \ + ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \ + ftp_cmds { XSEN XSHA1 XSHA256 } \ + alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \ + alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \ + alt_max_param_len 256 { CWD RNTO } \ + alt_max_param_len 400 { PORT } \ + alt_max_param_len 512 { SIZE } \ + chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \ + chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \ + chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \ + chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \ + chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \ + chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \ + chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ + chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \ + cmd_validity ALLO < int [ char R int ] > \ + cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \ + cmd_validity MACB < string > \ + cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ + cmd_validity MODE < char ASBCZ > \ + cmd_validity PORT < host_port > \ + cmd_validity PROT < char CSEP > \ + cmd_validity STRU < char FRPO [ string ] > \ + cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > + +preprocessor ftp_telnet_protocol: ftp client default \ + max_resp_len 256 \ + bounce yes \ + telnet_cmds yes + +EOD; + + $def_ftp_preprocessor_info_chk = $snortcfg['ftp_preprocessor']; + if ($def_ftp_preprocessor_info_chk == "on") + $def_ftp_preprocessor_type = "$snort_ftp_preprocessor"; + else + $def_ftp_preprocessor_type = ""; + + /* def smtp_preprocessor */ + $snort_smtp_preprocessor = <<<EOD + +##################### + # +# SMTP preprocessor # + # +##################### + +# TODO add pfsense GUI +preprocessor SMTP: ports { 25 465 691 } \ + inspection_type stateful \ + b64_decode_depth 0 \ + qp_decode_depth 0 \ + bitenc_decode_depth 0 \ + uu_decode_depth 0 \ + log_mailfrom \ + log_rcptto \ + log_filename \ + log_email_hdrs \ + normalize cmds \ + normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ + normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \ + normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \ + normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ + max_command_line_len 512 \ + max_header_line_len 1000 \ + max_response_line_len 512 \ + alt_max_command_line_len 260 { MAIL } \ + alt_max_command_line_len 300 { RCPT } \ + alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ + alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ + alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ + valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ + valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \ + valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \ + valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ + xlink2state { enabled } + +EOD; + + $def_smtp_preprocessor_info_chk = $snortcfg['smtp_preprocessor']; + if ($def_smtp_preprocessor_info_chk == "on") + $def_smtp_preprocessor_type = "$snort_smtp_preprocessor"; + else + $def_smtp_preprocessor_type = ""; + + /* def sf_portscan */ + $snort_sf_portscan = <<<EOD + +################ + # +# sf Portscan # + # +################ + +preprocessor sfportscan: scan_type { all } \ + proto { all } \ + memcap { 10000000 } \ + sense_level { medium } \ + ignore_scanners { \$HOME_NET } + +EOD; + + $def_sf_portscan_info_chk = $snortcfg['sf_portscan']; + if ($def_sf_portscan_info_chk == "on") + $def_sf_portscan_type = "$snort_sf_portscan"; + else + $def_sf_portscan_type = ""; + + /* def dce_rpc_2 */ + $snort_dce_rpc_2 = <<<EOD + +############### + # +# NEW # +# DCE/RPC 2 # + # +############### + +preprocessor dcerpc2: memcap 102400, events [smb, co, cl] +preprocessor dcerpc2_server: default, policy WinXP, \ + detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ + autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ + smb_max_chain 3, \ + smb_invalid_shares ["C$", "D$", "ADMIN$"] + +EOD; + + $def_dce_rpc_2_info_chk = $snortcfg['dce_rpc_2']; + if ($def_dce_rpc_2_info_chk == "on") + $def_dce_rpc_2_type = "$snort_dce_rpc_2"; + else + $def_dce_rpc_2_type = ""; + + /* def dns_preprocessor */ + $snort_dns_preprocessor = <<<EOD + +#################### + # +# DNS preprocessor # + # +#################### + +# TODO add pfsense GUI +preprocessor dns: \ + ports { 53 } \ + enable_rdata_overflow + +EOD; + + $def_dns_preprocessor_info_chk = $snortcfg['dns_preprocessor']; + if ($def_dns_preprocessor_info_chk == "on") + $def_dns_preprocessor_type = "$snort_dns_preprocessor"; + else + $def_dns_preprocessor_type = ""; + + /* def SSL_PORTS IGNORE */ + $def_ssl_ports_ignore_info_chk = $snortcfg['def_ssl_ports_ignore']; + if ($def_ssl_ports_ignore_info_chk == "") + $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995"; + else + $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk"; + + /* stream5 queued settings */ + + + $def_max_queued_bytes_info_chk = $snortcfg['max_queued_bytes']; + if ($def_max_queued_bytes_info_chk == '') + $def_max_queued_bytes_type = ''; + else + $def_max_queued_bytes_type = ' max_queued_bytes ' . $snortcfg['max_queued_bytes'] . ','; + + $def_max_queued_segs_info_chk = $snortcfg['max_queued_segs']; + if ($def_max_queued_segs_info_chk == '') + $def_max_queued_segs_type = ''; + else + $def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ','; + + $snort_preprocessor_decoder_rules = ""; + if (file_exists("/usr/local/etc/snort/preproc_rules/preprocessor.rules")) + $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n"; + if (file_exists("/usr/local/etc/snort/preproc_rules/decoder.rules")) + $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n"; + + /* build snort configuration file */ + $snort_conf_text = <<<EOD + +############################################################################## +# # +# snort configuration file generated by the pfSense package manager system # +# see /usr/local/pkg/snort.inc # # +# for snort ver. 2.9.2.3 # +# more information Snort can be found at http://www.snort.org/ # +# # +############################################################################## + +######################### + # +# Define Local Network # + # +######################### + +# TODO: bug, auto gen is adding extra 127.0.0.1 +ipvar HOME_NET {$home_net} +ipvar EXTERNAL_NET {$external_net} + +################### + # +# Define Servers # + # +################### + +ipvar DNS_SERVERS [{$def_dns_servers_type}] +ipvar SMTP_SERVERS [{$def_smtp_servers_type}] +ipvar HTTP_SERVERS [{$def_http_servers_type}] +ipvar SQL_SERVERS [{$def_sql_servers_type}] +ipvar TELNET_SERVERS [{$def_telnet_servers_type}] +ipvar FTP_SERVERS [{$def_ftp_servers_type}] +ipvar SSH_SERVERS [{$def_ssh_servers_type}] +ipvar SIP_PROXY_IP [{$def_sip_proxy_ip_type}] +ipvar SIP_SERVERS [{$def_sip_servers_type}] +ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] +# def below may have been removed +ipvar POP_SERVERS [{$def_pop_servers_type}] +ipvar IMAP_SERVERS [{$def_imap_servers_type}] +ipvar RPC_SERVERS [\$HOME_NET] +ipvar WWW_SERVERS [{$def_www_servers_type}] +ipvar SNMP_SERVERS [{$def_snmp_servers_type}] + + +######################## + # +# Define Server Ports # + # +######################## + +portvar HTTP_PORTS [{$def_http_ports_type}] +portvar SHELLCODE_PORTS !80 +portvar ORACLE_PORTS [{$def_oracle_ports_type}] +portvar FTP_PORTS [{$def_ftp_ports_type}] +portvar SSH_PORTS [{$def_ssh_ports_type}] +portvar SIP_PORTS [{$def_sip_ports_type}] +### Below ports need new gui ### +portvar FILE_DATA_PORTS [\$HTTP_PORTS,110,143] +portvar GTP_PORTS [2123,2152,3386] +portvar MODBUS_PORTS [502] +portvar DNP3_PORTS [20000] +# These ports may have been removed left here so no custom rules break +portvar AUTH_PORTS [{$def_auth_ports_type}] +portvar DNS_PORTS [{$def_dns_ports_type}] +portvar FINGER_PORTS [{$def_finger_ports_type}] +portvar IMAP_PORTS [{$def_imap_ports_type}] +portvar IRC_PORTS [{$def_irc_ports_type}] +portvar MSSQL_PORTS [{$def_mssql_ports_type}] +portvar NNTP_PORTS [{$def_nntp_ports_type}] +portvar POP2_PORTS [{$def_pop2_ports_type}] +portvar POP3_PORTS [{$def_pop3_ports_type}] +portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779] +portvar RLOGIN_PORTS [{$def_rlogin_ports_type}] +portvar RSH_PORTS [{$def_rsh_ports_type}] +portvar SMB_PORTS [139,445] +portvar SMTP_PORTS [{$def_smtp_ports_type}] +portvar SNMP_PORTS [{$def_snmp_ports_type}] +portvar TELNET_PORTS [{$def_telnet_ports_type}] +portvar MAIL_PORTS [{$def_mail_ports_type}] +portvar SSL_PORTS [{$def_sip_proxy_ports_type}] +portvar SIP_PROXY_PORTS [{$def_sip_ports_type}] + +# These ports may have been removed left here so no custom rules break +# DCERPC NCACN-IP-TCP +portvar DCERPC_NCACN_IP_TCP [139,445] +portvar DCERPC_NCADG_IP_UDP [138,1024:] +portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:] +portvar DCERPC_NCACN_UDP_LONG [135,1024:] +portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:] +portvar DCERPC_NCACN_TCP [2103,2105,2107] +portvar DCERPC_BRIGHTSTORE [6503,6504] + + +##################### + # +# Define Rule Paths # + # +##################### + +var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules +var PREPROC_RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/preproc_rules +var SO_RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/so_rules + +############################################################# +# # +# reputation preprocessor, ALWAYS USE FULL PATHS, BUG 89986 # +# # +############################################################# + +#var WHITE_LIST_PATH ../rules +#var BLACK_LIST_PATH ../rules + +################################ + # +# Configure the snort decoder # + # +################################ + +config checksum_mode: all +config disable_decode_alerts +config disable_tcpopt_experimental_alerts +config disable_tcpopt_obsolete_alerts +config disable_ttcp_alerts +config disable_tcpopt_alerts +config disable_tcpopt_ttcp_alerts +config disable_ipopt_alerts +config disable_decode_drops + +################ The following is for inline mode tunning ################ + +# config enable_decode_oversized_alerts +# config enable_decode_oversized_drops +# config flowbits_size: 64 + +#### make sure I enable gui for this ########## +# config ignore_ports: tcp 21 6667:6671 1356 # +# config ignore_ports: udp 1:17 53 # +############################################### + +# Configure active response for non inline +# config response: eth0 attempts 2 + +# Configure DAQ related options for inline mode +# +# config daq: <type> +# config daq_dir: <dir> +# config daq_mode: <mode> +# config daq_var: <var> +# +# <type> ::= pcap | afpacket | dump | nfq | ipq | ipfw +# <mode> ::= read-file | passive | inline +# <var> ::= arbitrary <name>=<value passed to DAQ +# <dir> ::= path as to where to look for DAQ module so's + +## gui needed for pfsense ## +# config daq: afpacket + +############################################################# + +######################################## +# Configure specific UID and GID +# to run snort as after dropping privs +# +# config set_gid: +# config set_uid: +######################################## + +######################################## +# +# Configure default snaplen. Snort +# defaults to MTU of in use interface +# +# config snaplen: +# +# TODO: gui needed for pfsense +# +######################################## + +################################################################ +# +# Configure default bpf_file to use for filtering what traffic +# reaches snort. options (-F) +# +# config bpf_file: +# +# TODO: gui needed for pfsense +# +############################################################### + +##################################################################### +# +# Configure default log directory for snort to log to. options (-l) +# +# config logdir: +# +##################################################################### + +################################### + # +# Configure the detection engine # +# Use lower memory models # + # +################################### + +# TODO: gui needed for pfsense +# Configure PCRE match limitations +config pcre_match_limit: 3500 +config pcre_match_limit_recursion: 1500 + +############################################################################# +# # +# Configure the detection engine # +# Use lower memory models for pfsense # +# # +# # +# Notes # +# # +# ac, ac-q, ac-bnfa, ac-bnfa-q, lowmem, lowmem-q # +# ac-split shorthand for search-method ac, split-any-any, intel-cpm,ac-nq, # +# ac-bnfa-nq This is the default search method if none is specified. # +# lowmem-nq, ac-std, acs, ac-banded, ac-sparsebands # +# # +############################################################################# + +config detection: search-method {$snort_performance} search-optimize max-pattern-len 20 +config event_queue: max_queue 8 log 3 order_events content_length + +################################################### +# Configure GTP if it is to be used +#################################################### + +# TODO: gui needed for pfsense +# config enable_gtp + +################################################### +# Per packet and rule latency enforcement, README.ppm +################################################### + +# Per Packet latency configuration +#config ppm: max-pkt-time 250, \ +# fastpath-expensive-packets, \ +# pkt-log + +# Per Rule latency configuration +#config ppm: max-rule-time 200, \ +# threshold 3, \ +# suspend-expensive-rules, \ +# suspend-timeout 20, \ +# rule-log alert + +################################################### +# Configure Perf Profiling for debugging, README.PerfProfiling +################################################### + +#config profile_rules: print all, sort avg_ticks +#config profile_preprocs: print all, sort avg_ticks + +################################################### +# Configure protocol aware flushing. README.stream5 +################################################### +config paf_max: 16000 + +################################################## +# Configure dynamic loaded libraries +################################################## + +dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor +dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so +dynamicdetection directory /usr/local/lib/snort/dynamicrules + +################### + # +# Flow and stream # + # +################### + +# TODO: gui needed for pfsense +# GTP Control Channle Preprocessor, README.GTP +preprocessor gtp: ports { 2123 3386 2152 } + +#################################################### +# Inline packet normalization, README.normalize +# Does nothing in IDS mode +# +# preprocessor normalize_ip4 +# preprocessor normalize_tcp: ips ecn stream +# preprocessor normalize_icmp4 +# preprocessor normalize_ip6 +# preprocessor normalize_icmp6 +#################################################### + +# this tuning ,may need testing +preprocessor frag3_global: max_frags 65536 +preprocessor frag3_engine: policy bsd detect_anomalies + +preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp yes, max_tcp 262144, max_udp 131072, max_active_responses 2, min_response_seconds 5 + +preprocessor stream5_tcp: policy BSD, ports both all, timeout 180, {$def_max_queued_bytes_type}{$def_max_queued_segs_type} +preprocessor stream5_udp: timeout 180 +preprocessor stream5_icmp: + + {$def_perform_stat_type} + + {$def_http_inspect_type} + + {$def_other_preprocs_type} + + {$def_ftp_preprocessor_type} + + {$def_smtp_preprocessor_type} + + {$def_sf_portscan_type} + +######################## + # +# ARP spoof detection. # + # +######################## + +# preprocessor arpspoof +# preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00 + +########################## + # +# SSH anomaly detection # + # +########################## + +preprocessor ssh: server_ports { 22 } \ + autodetect \ + max_client_bytes 19600 \ + max_encrypted_packets 20 \ + max_server_version_len 100 \ + enable_respoverflow enable_ssh1crc32 \ + enable_srvoverflow enable_protomismatch + + + {$def_dce_rpc_2_type} + + {$def_dns_preprocessor_type} + +############################## + # +# NEW # +# Ignore SSL and Encryption # + # +############################## + +preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspect_encrypted + + +########################################################### + # +# SDF sensitive data preprocessor, README.sensitive_data # + # +########################################################### + +# TODO: add pfsense GUI +preprocessor sensitive_data: alert_threshold 20 + +############################################################# + # +# SIP Session Initiation Protocol preprocessor, README.sip # + # +############################################################# + +# TODO: add pfsense GUI +preprocessor sip: max_sessions 40000, \ + ports { 5060 5061 5600 }, \ + methods { invite \ + cancel \ + ack \ + bye \ + register \ + options \ + refer \ + subscribe \ + update \ + join \ + info \ + message \ + notify \ + benotify \ + do \ + qauth \ + sprack \ + publish \ + service \ + unsubscribe \ + prack }, \ + max_uri_len 512, \ + max_call_id_len 80, \ + max_requestName_len 20, \ + max_from_len 256, \ + max_to_len 256, \ + max_via_len 1024, \ + max_contact_len 512, \ + max_content_len 2048 + +################################## + # +# IMAP preprocessor, README.imap # + # +################################## + +# TODO: add pfsense GUI +preprocessor imap: \ + ports { 143 } \ + b64_decode_depth 0 \ + qp_decode_depth 0 \ + bitenc_decode_depth 0 \ + uu_decode_depth 0 + +################################## + # +# POP preprocessor, README.pop # + # +################################## + +# TODO: add pfsense GUI +preprocessor pop: \ + ports { 110 } \ + b64_decode_depth 0 \ + qp_decode_depth 0 \ + bitenc_decode_depth 0 \ + uu_decode_depth 0 + +####################################### + # +# Modbus preprocessor, README.modbus # +# Used for SCADA # + # +####################################### + +# TODO: add pfsense GUI +preprocessor modbus: ports { 502 } + + +############################################### + # +# DNP3 preprocessor, EADME.dnp3 # + # +############################################### + +# TODO: add pfsense GUI +preprocessor dnp3: ports { 20000 } \ + memcap 262144 \ + check_crc + +############################################### + # +# Reputation preprocessor, README.reputation # + # +############################################### + +#preprocessor reputation: \ +# memcap 500, \ +# priority whitelist, \ +# nested_ip inner, \ +# whitelist \$WHITE_LIST_PATH/white_list.rules, \ +# blacklist \$BLACK_LIST_PATH/black_list.rules + + +##################### + # +# Snort Output Logs # + # +##################### + +$snortalertlogtype_type +$alertsystemlog_type +$tcpdumplog_type +$snortunifiedlogbasic_type +$snortunifiedlog_type +$snortalertcvs_type +$spoink_type + +################# + # +# Misc Includes # + # +################# + +include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config +include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config +{$snort_preprocessor_decoder_rules} + +$threshold_file_name + +# Snort user pass through configuration +{$snort_config_pass_thru} + +################### + # +# Rules Selection # + # +################### + + {$selected_rules_sections} + +EOD; + + return $snort_conf_text; +} + +/* hide progress bar */ +function hide_progress_bar_status() { + global $snort_filename, $snort_filename_md5, $console_mode; + + ob_flush(); + if(!$console_mode) + echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; +} + +/* unhide progress bar */ +function unhide_progress_bar_status() { + global $snort_filename, $snort_filename_md5, $console_mode; + + ob_flush(); + if(!$console_mode) + echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>"; +} + +/* update both top and bottom text box during an operation */ +function update_all_status($status) { + global $snort_filename, $snort_filename_md5, $console_mode; + + ob_flush(); + if(!$console_mode) { + update_status($status); + update_output_window($status); + } +} + +######## new + +// returns array that matches pattern, option to replace objects in matches +function snortScanDirFilter($arrayList, $pattmatch, $pattreplace, $pattreplacewith) +{ + foreach ( $arrayList as $val ) + { + if (preg_match($pattmatch, $val, $matches)) { + if ($pattreplace != '') { + $matches2 = preg_replace($pattreplace, $pattreplacewith, $matches[0]); + $filterDirList[] = $matches2; + }else{ + $filterDirList[] = $matches[0]; + } + } + } + return $filterDirList; +} + +?> diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 2365bbea..6ebf50be 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -1,205 +1,205 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfsense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>Snort</name> - <version>2.9.0.5</version> - <title>Services:2.9.0.5 pkg v. 2.0</title> - <include_file>/usr/local/pkg/snort/snort.inc</include_file> - <menu> - <name>Snort</name> - <tooltiptext>Setup snort specific settings</tooltiptext> - <section>Services</section> - <url>/snort/snort_interfaces.php</url> - </menu> - <service> - <name>snort</name> - <rcfile>snort.sh</rcfile> - <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology - worldwide.</description> - </service> - <tabs> - </tabs> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_gui.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/create-sidmap.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_barnyard.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_blocked.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_define_servers.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_download_updates.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/help_and_info.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_global.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_rules_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_preprocessors.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress_edit.php</item> - </additional_files_needed> - <fields> - </fields> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_resync_config_command> - sync_snort_package_config(); - </custom_php_resync_config_command> - <custom_php_install_command> - snort_postinstall(); - </custom_php_install_command> - <custom_php_deinstall_command> - snort_deinstall(); - </custom_php_deinstall_command> -</packagegui> +<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfsense.com)
+ Copyright (C) 2007 to whom it may belong
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>Snort</name>
+ <version>2.9.0.5</version>
+ <title>Services:2.9.0.5 pkg v. 2.0</title>
+ <include_file>/usr/local/pkg/snort/snort.inc</include_file>
+ <menu>
+ <name>Snort</name>
+ <tooltiptext>Setup snort specific settings</tooltiptext>
+ <section>Services</section>
+ <url>/snort/snort_interfaces.php</url>
+ </menu>
+ <service>
+ <name>snort</name>
+ <rcfile>snort.sh</rcfile>
+ <executable>snort</executable>
+ <description>Snort is the most widely deployed IDS/IPS technology
+ worldwide.</description>
+ </service>
+ <tabs>
+ </tabs>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_gui.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/create-sidmap.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_barnyard.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_blocked.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_define_servers.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_download_updates.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/help_and_info.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_global.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_rules.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_rules_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_preprocessors.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress_edit.php</item>
+ </additional_files_needed>
+ <fields>
+ </fields>
+ <custom_add_php_command>
+ </custom_add_php_command>
+ <custom_php_resync_config_command>
+ sync_snort_package_config();
+ </custom_php_resync_config_command>
+ <custom_php_install_command>
+ snort_postinstall();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ snort_deinstall();
+ </custom_php_deinstall_command>
+</packagegui>
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php index 3094d1a7..354c89f4 100644 --- a/config/snort-dev/snort_alerts.php +++ b/config/snort-dev/snort_alerts.php @@ -1,582 +1,582 @@ -<?php -/* $Id$ */ -/* - snort_alerts.php - part of pfSense - - Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Modified for the Pfsense snort package v. 1.8+ - Copyright (C) 2009 Robert Zelaya Sr. Developer - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -/* load only javascript that is needed */ -$snort_load_sortabletable = 'yes'; -$snort_load_mootools = 'yes'; - -$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype']; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); -$a_instance = &$config['installedpackages']['snortglobal']['rule']; -$snort_uuid = $a_instance[0]['uuid']; -if ($_POST['instance']) - $snort_uuid = $a_instance[$_POST['instance']]['uuid']; - -if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) { - $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh']; - $pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber']; - $anentries = $pconfig['alertnumber']; -} else { - $anentries = '250'; - $pconfig['alertnumber'] = '250'; - $pconfig['arefresh'] = 'off'; -} - -if ($_POST['save']) -{ - //unset($input_errors); - //$pconfig = $_POST; - - /* input validation */ - if ($_POST['save']) - { - - // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { - // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]"; - // } - - } - - /* no errors */ - if (!$input_errors) { - if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) - $config['installedpackages']['snortglobal']['alertsblocks'] = array(); - $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off'; - $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber']; - - write_config(); - - header("Location: /snort/snort_alerts.php"); - exit; - } - -} - -if ($_GET['action'] == "clear" || $_POST['clear']) -{ - if (file_exists("/var/log/snort/alert_{$snort_uuid}")) - { - conf_mount_rw(); - @file_put_contents("/var/log/snort/alert_{$snort_uuid}", ""); - post_delete_logs(); - /* XXX: This is needed is snort is run as snort user */ - //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true); - mwexec('/bin/chmod 660 /var/log/snort/*', true); - mwexec('/usr/bin/killall -HUP snort', true); - conf_mount_ro(); - } - header("Location: /snort/snort_alerts.php"); - exit; -} - -if ($_POST['download']) -{ - - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); - $file_name = "snort_logs_{$save_date}.tar.gz"; - exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort"); - - if (file_exists("/tmp/{$file_name}")) { - $file = "/tmp/snort_logs_{$save_date}.tar.gz"; - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); - header("Pragma: private"); // needed for IE - header("Cache-Control: private, must-revalidate"); // needed for IE - header('Content-type: application/force-download'); - header('Content-Transfer-Encoding: Binary'); - header("Content-length: ".filesize($file)); - header("Content-disposition: attachment; filename = {$file_name}"); - readfile("$file"); - exec("/bin/rm /tmp/{$file_name}"); - } - - header("Location: /snort/snort_alerts.php"); - exit; -} - - -/* WARNING: took me forever to figure reg expression, dont lose */ -// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50'; -function get_snort_alert_date($fileline) -{ - /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */ - if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1)) - $alert_date = "$matches1[0]"; - - return $alert_date; -} - -function get_snort_alert_disc($fileline) -{ - /* disc */ - if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) - $alert_disc = "$matches[2]"; - - return $alert_disc; -} - -function get_snort_alert_class($fileline) -{ - /* class */ - if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2)) - $alert_class = "$matches2[0]"; - - return $alert_class; -} - -function get_snort_alert_priority($fileline) -{ - /* Priority */ - if (preg_match('/Priority:\s\d/', $fileline, $matches3)) - $alert_priority = "$matches3[0]"; - - return $alert_priority; -} - -function get_snort_alert_proto($fileline) -{ - /* Priority */ - if (preg_match('/\{.+\}/', $fileline, $matches3)) - $alert_proto = "$matches3[0]"; - - return $alert_proto; -} - -function get_snort_alert_proto_full($fileline) -{ - /* Protocal full */ - if (preg_match('/.+\sTTL/', $fileline, $matches2)) - $alert_proto_full = "$matches2[0]"; - - return $alert_proto_full; -} - -function get_snort_alert_ip_src($fileline) -{ - /* SRC IP */ - $re1='.*?'; # Non-greedy match on filler - $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - - if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) - $alert_ip_src = $matches4[1][0]; - - return $alert_ip_src; -} - -function get_snort_alert_src_p($fileline) -{ - /* source port */ - if (preg_match('/:\d+\s-/', $fileline, $matches5)) - $alert_src_p = "$matches5[0]"; - - return $alert_src_p; -} - -function get_snort_alert_flow($fileline) -{ - /* source port */ - if (preg_match('/(->|<-)/', $fileline, $matches5)) - $alert_flow = "$matches5[0]"; - - return $alert_flow; -} - -function get_snort_alert_ip_dst($fileline) -{ - /* DST IP */ - $re1dp='.*?'; # Non-greedy match on filler - $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'; # Uninteresting: ipaddress - $re3dp='.*?'; # Non-greedy match on filler - $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - - if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6)) - $alert_ip_dst = $matches6[1][0]; - - return $alert_ip_dst; -} - -function get_snort_alert_dst_p($fileline) -{ - /* dst port */ - if (preg_match('/:\d+$/', $fileline, $matches7)) - $alert_dst_p = "$matches7[0]"; - - return $alert_dst_p; -} - -function get_snort_alert_dst_p_full($fileline) -{ - /* dst port full */ - if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7)) - $alert_dst_p = "$matches7[0]"; - - return $alert_dst_p; -} - -function get_snort_alert_sid($fileline) -{ - /* SID */ - if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8)) - $alert_sid = "$matches8[0]"; - - return $alert_sid; -} - -$pgtitle = "Services: Snort: Snort Alerts"; -include_once("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php - -include_once("fbegin.inc"); -echo $snort_general_css; - -/* refresh every 60 secs */ -if ($pconfig['arefresh'] == 'on') - echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n"; -?> - -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td> - <div id="mainarea2"> - <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0"> - <form action="/snort/snort_alerts.php" method="post" id="formalert"> - <tr> - <td width="22%" colspan="0" class="listtopic">Last <?=$anentries;?> Alert Entries.</td> - <td width="78%" class="listtopic">Latest Alert Entries Are Listed First.</td> - </tr> - <tr> - <td width="22%" class="vncell">Instance to inspect</td> - <td width="78%" class="vtable"> - <br/> <select name="instance" id="instance" class="formfld unkown" onChange="document.getElementById('formalert').submit()"> - <?php - foreach ($a_instance as $id => $instance) { - echo "<option value='{$id}'> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n"; - } - ?> - </select><br/> Choose which instance alerts you want to inspect. - </td> - <tr> - <td width="22%" class="vncell">Save or Remove Logs</td> - <td width="78%" class="vtable"> - <input name="download" type="submit" class="formbtn" value="Download"> All - log files will be saved. <a href="/snort/snort_alerts.php?action=clear"> - <input name="delete" type="button" class="formbtn" value="Clear" - onclick="return confirm('Do you really want to remove all instance logs?')"></a> - <span class="red"><strong>Warning:</strong></span> all log files will be deleted. - </td> - </tr> - <tr> - <td width="22%" class="vncell">Auto Refresh and Log View</td> - <td width="78%" class="vtable"> - <input name="save" type="submit" class="formbtn" value="Save"> - Refresh <input name="arefresh" type="checkbox" value="on" - <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>> - <strong>Default</strong> is <strong>ON</strong>. - <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"> - Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>. - </td> - </tr> - </form> - </table> - </div> - </td> - </tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <td width="100%"><br> - <div class="tableFilter"> - <form id="tableFilter" - onsubmit="myTable.filter(this.id); return false;">Filter: <select - id="column"> - <option value="1">PRIORITY</option> - <option value="2">PROTO</option> - <option value="3">DESCRIPTION</option> - <option value="4">CLASS</option> - <option value="5">SRC</option> - <option value="6">SRC PORT</option> - <option value="7">FLOW</option> - <option value="8">DST</option> - <option value="9">DST PORT</option> - <option value="10">SID</option> - <option value="11">Date</option> - </select> <input type="text" id="keyword" /> <input type="submit" - value="Submit" /> <input type="reset" value="Clear" /></form> - </div> - <table class="allRow" id="myTable" width="100%" border="2" - cellpadding="1" cellspacing="1"> - <thead> - <th axis="number">#</th> - <th axis="string">PRI</th> - <th axis="string">PROTO</th> - <th axis="string">DESCRIPTION</th> - <th axis="string">CLASS</th> - <th axis="string">SRC</th> - <th axis="string">SPORT</th> - <th axis="string">FLOW</th> - <th axis="string">DST</th> - <th axis="string">DPORT</th> - <th axis="string">SID</th> - <th axis="date">Date</th> - </thead> - <tbody> - <?php - - /* make sure alert file exists */ - if (!file_exists("/var/log/snort/alert_{$snort_uuid}")) - exec("/usr/bin/touch /var/log/snort/alert_{$snort_uuid}"); - - $logent = $anentries; - - /* detect the alert file type */ - if ($snortalertlogt == 'full') - $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}")))); - else - $alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}")))); - - - - if (is_array($alerts_array)) { - - $counter = 0; - foreach($alerts_array as $fileline) - { - - if($logent <= $counter) - continue; - - $counter++; - - /* Date */ - $alert_date_str = get_snort_alert_date($fileline); - - if($alert_date_str != '') - { - $alert_date = $alert_date_str; - }else{ - $alert_date = 'empty'; - } - - /* Discription */ - $alert_disc_str = get_snort_alert_disc($fileline); - - if($alert_disc_str != '') - { - $alert_disc = $alert_disc_str; - }else{ - $alert_disc = 'empty'; - } - - /* Classification */ - $alert_class_str = get_snort_alert_class($fileline); - - if($alert_class_str != '') - { - - $alert_class_match = array('[Classification:',']'); - $alert_class = str_replace($alert_class_match, '', "$alert_class_str"); - }else{ - $alert_class = 'Prep'; - } - - /* Priority */ - $alert_priority_str = get_snort_alert_priority($fileline); - - if($alert_priority_str != '') - { - $alert_priority_match = array('Priority: ',']'); - $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str"); - }else{ - $alert_priority = 'empty'; - } - - /* Protocol */ - /* Detect alert file type */ - if ($snortalertlogt == 'full') - { - $alert_proto_str = get_snort_alert_proto_full($fileline); - }else{ - $alert_proto_str = get_snort_alert_proto($fileline); - } - - if($alert_proto_str != '') - { - $alert_proto_match = array(" TTL",'{','}'); - $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str"); - }else{ - $alert_proto = 'empty'; - } - - /* IP SRC */ - $alert_ip_src_str = get_snort_alert_ip_src($fileline); - - if($alert_ip_src_str != '') - { - $alert_ip_src = $alert_ip_src_str; - }else{ - $alert_ip_src = 'empty'; - } - - /* IP SRC Port */ - $alert_src_p_str = get_snort_alert_src_p($fileline); - - if($alert_src_p_str != '') - { - $alert_src_p_match = array(' -',':'); - $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str"); - }else{ - $alert_src_p = 'empty'; - } - - /* Flow */ - $alert_flow_str = get_snort_alert_flow($fileline); - - if($alert_flow_str != '') - { - $alert_flow = $alert_flow_str; - }else{ - $alert_flow = 'empty'; - } - - /* IP Destination */ - $alert_ip_dst_str = get_snort_alert_ip_dst($fileline); - - if($alert_ip_dst_str != '') - { - $alert_ip_dst = $alert_ip_dst_str; - }else{ - $alert_ip_dst = 'empty'; - } - - /* IP DST Port */ - if ($snortalertlogt == 'full') - { - $alert_dst_p_str = get_snort_alert_dst_p_full($fileline); - }else{ - $alert_dst_p_str = get_snort_alert_dst_p($fileline); - } - - if($alert_dst_p_str != '') - { - $alert_dst_p_match = array(':',"\n"," TTL"); - $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str"); - $alert_dst_p_match2 = array('/[A-Z]/'); - $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2"); - }else{ - $alert_dst_p = 'empty'; - } - - /* SID */ - $alert_sid_str = get_snort_alert_sid($fileline); - - if($alert_sid_str != '') - { - $alert_sid_match = array('[',']'); - $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str"); - }else{ - $alert_sid_str = 'empty'; - } - - /* NOTE: using one echo improves performance by 2x */ - if ($alert_disc != 'empty') - { - echo "<tr id=\"{$counter}\"> - <td class=\"centerAlign\">{$counter}</td> - <td class=\"centerAlign\">{$alert_priority}</td> - <td class=\"centerAlign\">{$alert_proto}</td> - <td>{$alert_disc}</td> - <td class=\"centerAlign\">{$alert_class}</td> - <td>{$alert_ip_src}</td> - <td class=\"centerAlign\">{$alert_src_p}</td> - <td class=\"centerAlign\">{$alert_flow}</td> - <td>{$alert_ip_dst}</td> - <td class=\"centerAlign\">{$alert_dst_p}</td> - <td class=\"centerAlign\">{$alert_sid}</td> - <td>{$alert_date}</td> - </tr>\n"; - } - - // <script type="text/javascript"> - // var myTable = {}; - // window.addEvent('domready', function(){ - // myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}}); - // }); - // </script> - - } - } - - ?> - </tbody> - </table> - </td> -</table> - -</div> - -<?php -include("fend.inc"); - -echo $snort_custom_rnd_box; - -?> -</body> -</html> +<?php
+/* $Id$ */
+/*
+ snort_alerts.php
+ part of pfSense
+
+ Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2006 Scott Ullrich
+ All rights reserved.
+
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009 Robert Zelaya Sr. Developer
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+/* load only javascript that is needed */
+$snort_load_sortabletable = 'yes';
+$snort_load_mootools = 'yes';
+
+$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_instance = &$config['installedpackages']['snortglobal']['rule'];
+$snort_uuid = $a_instance[0]['uuid'];
+if ($_POST['instance'])
+ $snort_uuid = $a_instance[$_POST['instance']]['uuid'];
+
+if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
+ $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
+ $pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
+ $anentries = $pconfig['alertnumber'];
+} else {
+ $anentries = '250';
+ $pconfig['alertnumber'] = '250';
+ $pconfig['arefresh'] = 'off';
+}
+
+if ($_POST['save'])
+{
+ //unset($input_errors);
+ //$pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['save'])
+ {
+
+ // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
+ // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
+ // }
+
+ }
+
+ /* no errors */
+ if (!$input_errors) {
+ if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
+ $config['installedpackages']['snortglobal']['alertsblocks'] = array();
+ $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
+
+ write_config();
+
+ header("Location: /snort/snort_alerts.php");
+ exit;
+ }
+
+}
+
+if ($_GET['action'] == "clear" || $_POST['clear'])
+{
+ if (file_exists("/var/log/snort/alert_{$snort_uuid}"))
+ {
+ conf_mount_rw();
+ @file_put_contents("/var/log/snort/alert_{$snort_uuid}", "");
+ post_delete_logs();
+ /* XXX: This is needed is snort is run as snort user */
+ //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
+ mwexec('/bin/chmod 660 /var/log/snort/*', true);
+ mwexec('/usr/bin/killall -HUP snort', true);
+ conf_mount_ro();
+ }
+ header("Location: /snort/snort_alerts.php");
+ exit;
+}
+
+if ($_POST['download'])
+{
+
+ $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
+ $file_name = "snort_logs_{$save_date}.tar.gz";
+ exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort");
+
+ if (file_exists("/tmp/{$file_name}")) {
+ $file = "/tmp/snort_logs_{$save_date}.tar.gz";
+ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
+ header("Pragma: private"); // needed for IE
+ header("Cache-Control: private, must-revalidate"); // needed for IE
+ header('Content-type: application/force-download');
+ header('Content-Transfer-Encoding: Binary');
+ header("Content-length: ".filesize($file));
+ header("Content-disposition: attachment; filename = {$file_name}");
+ readfile("$file");
+ exec("/bin/rm /tmp/{$file_name}");
+ }
+
+ header("Location: /snort/snort_alerts.php");
+ exit;
+}
+
+
+/* WARNING: took me forever to figure reg expression, dont lose */
+// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50';
+function get_snort_alert_date($fileline)
+{
+ /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */
+ if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1))
+ $alert_date = "$matches1[0]";
+
+ return $alert_date;
+}
+
+function get_snort_alert_disc($fileline)
+{
+ /* disc */
+ if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
+ $alert_disc = "$matches[2]";
+
+ return $alert_disc;
+}
+
+function get_snort_alert_class($fileline)
+{
+ /* class */
+ if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2))
+ $alert_class = "$matches2[0]";
+
+ return $alert_class;
+}
+
+function get_snort_alert_priority($fileline)
+{
+ /* Priority */
+ if (preg_match('/Priority:\s\d/', $fileline, $matches3))
+ $alert_priority = "$matches3[0]";
+
+ return $alert_priority;
+}
+
+function get_snort_alert_proto($fileline)
+{
+ /* Priority */
+ if (preg_match('/\{.+\}/', $fileline, $matches3))
+ $alert_proto = "$matches3[0]";
+
+ return $alert_proto;
+}
+
+function get_snort_alert_proto_full($fileline)
+{
+ /* Protocal full */
+ if (preg_match('/.+\sTTL/', $fileline, $matches2))
+ $alert_proto_full = "$matches2[0]";
+
+ return $alert_proto_full;
+}
+
+function get_snort_alert_ip_src($fileline)
+{
+ /* SRC IP */
+ $re1='.*?'; # Non-greedy match on filler
+ $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
+
+ if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
+ $alert_ip_src = $matches4[1][0];
+
+ return $alert_ip_src;
+}
+
+function get_snort_alert_src_p($fileline)
+{
+ /* source port */
+ if (preg_match('/:\d+\s-/', $fileline, $matches5))
+ $alert_src_p = "$matches5[0]";
+
+ return $alert_src_p;
+}
+
+function get_snort_alert_flow($fileline)
+{
+ /* source port */
+ if (preg_match('/(->|<-)/', $fileline, $matches5))
+ $alert_flow = "$matches5[0]";
+
+ return $alert_flow;
+}
+
+function get_snort_alert_ip_dst($fileline)
+{
+ /* DST IP */
+ $re1dp='.*?'; # Non-greedy match on filler
+ $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'; # Uninteresting: ipaddress
+ $re3dp='.*?'; # Non-greedy match on filler
+ $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
+
+ if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6))
+ $alert_ip_dst = $matches6[1][0];
+
+ return $alert_ip_dst;
+}
+
+function get_snort_alert_dst_p($fileline)
+{
+ /* dst port */
+ if (preg_match('/:\d+$/', $fileline, $matches7))
+ $alert_dst_p = "$matches7[0]";
+
+ return $alert_dst_p;
+}
+
+function get_snort_alert_dst_p_full($fileline)
+{
+ /* dst port full */
+ if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7))
+ $alert_dst_p = "$matches7[0]";
+
+ return $alert_dst_p;
+}
+
+function get_snort_alert_sid($fileline)
+{
+ /* SID */
+ if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8))
+ $alert_sid = "$matches8[0]";
+
+ return $alert_sid;
+}
+
+$pgtitle = "Services: Snort: Snort Alerts";
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+
+include_once("fbegin.inc");
+echo $snort_general_css;
+
+/* refresh every 60 secs */
+if ($pconfig['arefresh'] == 'on')
+ echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n";
+?>
+
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
+ <div id="mainarea2">
+ <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0">
+ <form action="/snort/snort_alerts.php" method="post" id="formalert">
+ <tr>
+ <td width="22%" colspan="0" class="listtopic">Last <?=$anentries;?> Alert Entries.</td>
+ <td width="78%" class="listtopic">Latest Alert Entries Are Listed First.</td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Instance to inspect</td>
+ <td width="78%" class="vtable">
+ <br/> <select name="instance" id="instance" class="formfld unkown" onChange="document.getElementById('formalert').submit()">
+ <?php
+ foreach ($a_instance as $id => $instance) {
+ echo "<option value='{$id}'> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
+ }
+ ?>
+ </select><br/> Choose which instance alerts you want to inspect.
+ </td>
+ <tr>
+ <td width="22%" class="vncell">Save or Remove Logs</td>
+ <td width="78%" class="vtable">
+ <input name="download" type="submit" class="formbtn" value="Download"> All
+ log files will be saved. <a href="/snort/snort_alerts.php?action=clear">
+ <input name="delete" type="button" class="formbtn" value="Clear"
+ onclick="return confirm('Do you really want to remove all instance logs?')"></a>
+ <span class="red"><strong>Warning:</strong></span> all log files will be deleted.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Auto Refresh and Log View</td>
+ <td width="78%" class="vtable">
+ <input name="save" type="submit" class="formbtn" value="Save">
+ Refresh <input name="arefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>>
+ <strong>Default</strong> is <strong>ON</strong>.
+ <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>">
+ Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>.
+ </td>
+ </tr>
+ </form>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <td width="100%"><br>
+ <div class="tableFilter">
+ <form id="tableFilter"
+ onsubmit="myTable.filter(this.id); return false;">Filter: <select
+ id="column">
+ <option value="1">PRIORITY</option>
+ <option value="2">PROTO</option>
+ <option value="3">DESCRIPTION</option>
+ <option value="4">CLASS</option>
+ <option value="5">SRC</option>
+ <option value="6">SRC PORT</option>
+ <option value="7">FLOW</option>
+ <option value="8">DST</option>
+ <option value="9">DST PORT</option>
+ <option value="10">SID</option>
+ <option value="11">Date</option>
+ </select> <input type="text" id="keyword" /> <input type="submit"
+ value="Submit" /> <input type="reset" value="Clear" /></form>
+ </div>
+ <table class="allRow" id="myTable" width="100%" border="2"
+ cellpadding="1" cellspacing="1">
+ <thead>
+ <th axis="number">#</th>
+ <th axis="string">PRI</th>
+ <th axis="string">PROTO</th>
+ <th axis="string">DESCRIPTION</th>
+ <th axis="string">CLASS</th>
+ <th axis="string">SRC</th>
+ <th axis="string">SPORT</th>
+ <th axis="string">FLOW</th>
+ <th axis="string">DST</th>
+ <th axis="string">DPORT</th>
+ <th axis="string">SID</th>
+ <th axis="date">Date</th>
+ </thead>
+ <tbody>
+ <?php
+
+ /* make sure alert file exists */
+ if (!file_exists("/var/log/snort/alert_{$snort_uuid}"))
+ exec("/usr/bin/touch /var/log/snort/alert_{$snort_uuid}");
+
+ $logent = $anentries;
+
+ /* detect the alert file type */
+ if ($snortalertlogt == 'full')
+ $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}"))));
+ else
+ $alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}"))));
+
+
+
+ if (is_array($alerts_array)) {
+
+ $counter = 0;
+ foreach($alerts_array as $fileline)
+ {
+
+ if($logent <= $counter)
+ continue;
+
+ $counter++;
+
+ /* Date */
+ $alert_date_str = get_snort_alert_date($fileline);
+
+ if($alert_date_str != '')
+ {
+ $alert_date = $alert_date_str;
+ }else{
+ $alert_date = 'empty';
+ }
+
+ /* Discription */
+ $alert_disc_str = get_snort_alert_disc($fileline);
+
+ if($alert_disc_str != '')
+ {
+ $alert_disc = $alert_disc_str;
+ }else{
+ $alert_disc = 'empty';
+ }
+
+ /* Classification */
+ $alert_class_str = get_snort_alert_class($fileline);
+
+ if($alert_class_str != '')
+ {
+
+ $alert_class_match = array('[Classification:',']');
+ $alert_class = str_replace($alert_class_match, '', "$alert_class_str");
+ }else{
+ $alert_class = 'Prep';
+ }
+
+ /* Priority */
+ $alert_priority_str = get_snort_alert_priority($fileline);
+
+ if($alert_priority_str != '')
+ {
+ $alert_priority_match = array('Priority: ',']');
+ $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str");
+ }else{
+ $alert_priority = 'empty';
+ }
+
+ /* Protocol */
+ /* Detect alert file type */
+ if ($snortalertlogt == 'full')
+ {
+ $alert_proto_str = get_snort_alert_proto_full($fileline);
+ }else{
+ $alert_proto_str = get_snort_alert_proto($fileline);
+ }
+
+ if($alert_proto_str != '')
+ {
+ $alert_proto_match = array(" TTL",'{','}');
+ $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str");
+ }else{
+ $alert_proto = 'empty';
+ }
+
+ /* IP SRC */
+ $alert_ip_src_str = get_snort_alert_ip_src($fileline);
+
+ if($alert_ip_src_str != '')
+ {
+ $alert_ip_src = $alert_ip_src_str;
+ }else{
+ $alert_ip_src = 'empty';
+ }
+
+ /* IP SRC Port */
+ $alert_src_p_str = get_snort_alert_src_p($fileline);
+
+ if($alert_src_p_str != '')
+ {
+ $alert_src_p_match = array(' -',':');
+ $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str");
+ }else{
+ $alert_src_p = 'empty';
+ }
+
+ /* Flow */
+ $alert_flow_str = get_snort_alert_flow($fileline);
+
+ if($alert_flow_str != '')
+ {
+ $alert_flow = $alert_flow_str;
+ }else{
+ $alert_flow = 'empty';
+ }
+
+ /* IP Destination */
+ $alert_ip_dst_str = get_snort_alert_ip_dst($fileline);
+
+ if($alert_ip_dst_str != '')
+ {
+ $alert_ip_dst = $alert_ip_dst_str;
+ }else{
+ $alert_ip_dst = 'empty';
+ }
+
+ /* IP DST Port */
+ if ($snortalertlogt == 'full')
+ {
+ $alert_dst_p_str = get_snort_alert_dst_p_full($fileline);
+ }else{
+ $alert_dst_p_str = get_snort_alert_dst_p($fileline);
+ }
+
+ if($alert_dst_p_str != '')
+ {
+ $alert_dst_p_match = array(':',"\n"," TTL");
+ $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str");
+ $alert_dst_p_match2 = array('/[A-Z]/');
+ $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2");
+ }else{
+ $alert_dst_p = 'empty';
+ }
+
+ /* SID */
+ $alert_sid_str = get_snort_alert_sid($fileline);
+
+ if($alert_sid_str != '')
+ {
+ $alert_sid_match = array('[',']');
+ $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str");
+ }else{
+ $alert_sid_str = 'empty';
+ }
+
+ /* NOTE: using one echo improves performance by 2x */
+ if ($alert_disc != 'empty')
+ {
+ echo "<tr id=\"{$counter}\">
+ <td class=\"centerAlign\">{$counter}</td>
+ <td class=\"centerAlign\">{$alert_priority}</td>
+ <td class=\"centerAlign\">{$alert_proto}</td>
+ <td>{$alert_disc}</td>
+ <td class=\"centerAlign\">{$alert_class}</td>
+ <td>{$alert_ip_src}</td>
+ <td class=\"centerAlign\">{$alert_src_p}</td>
+ <td class=\"centerAlign\">{$alert_flow}</td>
+ <td>{$alert_ip_dst}</td>
+ <td class=\"centerAlign\">{$alert_dst_p}</td>
+ <td class=\"centerAlign\">{$alert_sid}</td>
+ <td>{$alert_date}</td>
+ </tr>\n";
+ }
+
+ // <script type="text/javascript">
+ // var myTable = {};
+ // window.addEvent('domready', function(){
+ // myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}});
+ // });
+ // </script>
+
+ }
+ }
+
+ ?>
+ </tbody>
+ </table>
+ </td>
+</table>
+
+</div>
+
+<?php
+include("fend.inc");
+
+echo $snort_custom_rnd_box;
+
+?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php index b647c007..39008284 100644 --- a/config/snort-dev/snort_barnyard.php +++ b/config/snort-dev/snort_barnyard.php @@ -1,269 +1,269 @@ -<?php -/* $Id$ */ -/* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -/* - -TODO: Nov 12 09 -Clean this code up its ugly -Important add error checking - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; -} - -$pconfig = array(); -if (isset($id) && $a_nat[$id]) { - /* old options */ - $pconfig = $a_nat[$id]; - $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; - $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; - $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']); -} - -if (isset($_GET['dup'])) - unset($id); - -$if_real = snort_get_real_interface($pconfig['interface']); -$snort_uuid = $pconfig['uuid']; - -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - -if ($_POST) { - - /* XXX: Mising error reporting?! - * check for overlaps - foreach ($a_nat as $natent) { - if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) - continue; - if ($natent['interface'] != $_POST['interface']) - continue; - } - */ - - /* if no errors write to conf */ - if (!$input_errors) { - $natent = array(); - /* repost the options already in conf */ - $natent = $pconfig; - - $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off'; - $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql']; - $natent['barnconfigpassthru'] = $_POST['barnconfigpassthru'] ? base64_encode($_POST['barnconfigpassthru']) : $pconfig['barnconfigpassthru']; - if ($_POST['barnyard_enable'] == "on") - $natent['snortunifiedlog'] = 'on'; - else - $natent['snortunifiedlog'] = 'off'; - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - sync_snort_package_config(); - - /* after click go to this page */ - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: snort_barnyard.php?id=$id"); - exit; - } -} - -$pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit"; -include_once("head.inc"); - -?> -<body - link="#0000CC" vlink="#0000CC" alink="#0000CC"> - - -<?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php -echo "{$snort_general_css}\n"; -?> - -<div class="body2"> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - -<script language="JavaScript"> -<!-- - -function enable_change(enable_change) { - endis = !(document.iform.barnyard_enable.checked || enable_change); - // make shure a default answer is called if this is envoked. - endis2 = (document.iform.barnyard_enable); - - document.iform.barnyard_mysql.disabled = endis; - document.iform.barnconfigpassthru.disabled = endis; -} -//--> -</script> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<form action="snort_barnyard.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"><?php - - /* Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">General Barnyard2 - Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Enable</td> - <td width="78%" class="vtable"> - <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)"> - <strong>Enable Barnyard2 </strong><br> - This will enable barnyard2 for this interface. You will also have to set the database credentials.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Mysql Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td> - <td width="78%" class="vtable"><input name="barnyard_mysql" - type="text" class="formfld" id="barnyard_mysql" size="100" - value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br> - <span class="vexpl">Example: output database: alert, mysql, - dbname=snort user=snort host=localhost password=xyz<br> - Example: output database: log, mysql, dbname=snort user=snort - host=localhost password=xyz</span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Advanced Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Advanced configuration - pass through</td> - <td width="78%" class="vtable"><textarea name="barnconfigpassthru" - cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea> - <br> - Arguments here will be automatically inserted into the running - barnyard2 configuration.</td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input name="id" type="hidden" value="<?=$id;?>"> </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings befor you click start. </td> - </tr> - </table> - -</table> -</form> - -</div> - -<script language="JavaScript"> -<!-- -enable_change(false); -//--> -</script> -<?php include("fend.inc"); ?> -</body> -</html> +<?php
+/* $Id$ */
+/*
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+
+TODO: Nov 12 09
+Clean this code up its ugly
+Important add error checking
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+if (isset($_GET['dup'])) {
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
+}
+
+$pconfig = array();
+if (isset($id) && $a_nat[$id]) {
+ /* old options */
+ $pconfig = $a_nat[$id];
+ $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
+ $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
+ $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
+}
+
+if (isset($_GET['dup']))
+ unset($id);
+
+$if_real = snort_get_real_interface($pconfig['interface']);
+$snort_uuid = $pconfig['uuid'];
+
+/* alert file */
+$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
+
+if ($_POST) {
+
+ /* XXX: Mising error reporting?!
+ * check for overlaps
+ foreach ($a_nat as $natent) {
+ if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
+ continue;
+ if ($natent['interface'] != $_POST['interface'])
+ continue;
+ }
+ */
+
+ /* if no errors write to conf */
+ if (!$input_errors) {
+ $natent = array();
+ /* repost the options already in conf */
+ $natent = $pconfig;
+
+ $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off';
+ $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql'];
+ $natent['barnconfigpassthru'] = $_POST['barnconfigpassthru'] ? base64_encode($_POST['barnconfigpassthru']) : $pconfig['barnconfigpassthru'];
+ if ($_POST['barnyard_enable'] == "on")
+ $natent['snortunifiedlog'] = 'on';
+ else
+ $natent['snortunifiedlog'] = 'off';
+
+ if (isset($id) && $a_nat[$id])
+ $a_nat[$id] = $natent;
+ else {
+ if (is_numeric($after))
+ array_splice($a_nat, $after+1, 0, array($natent));
+ else
+ $a_nat[] = $natent;
+ }
+
+ write_config();
+ sync_snort_package_config();
+
+ /* after click go to this page */
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: snort_barnyard.php?id=$id");
+ exit;
+ }
+}
+
+$pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit";
+include_once("head.inc");
+
+?>
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+
+<?php include("fbegin.inc"); ?>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php
+echo "{$snort_general_css}\n";
+?>
+
+<div class="body2">
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+<script language="JavaScript">
+<!--
+
+function enable_change(enable_change) {
+ endis = !(document.iform.barnyard_enable.checked || enable_change);
+ // make shure a default answer is called if this is envoked.
+ endis2 = (document.iform.barnyard_enable);
+
+ document.iform.barnyard_mysql.disabled = endis;
+ document.iform.barnconfigpassthru.disabled = endis;
+}
+//-->
+</script>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<form action="snort_barnyard.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
+
+ /* Display Alert message */
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Barnyard2
+ Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Enable</td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)">
+ <strong>Enable Barnyard2 </strong><br>
+ This will enable barnyard2 for this interface. You will also have to set the database credentials.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Mysql Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td>
+ <td width="78%" class="vtable"><input name="barnyard_mysql"
+ type="text" class="formfld" id="barnyard_mysql" size="100"
+ value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br>
+ <span class="vexpl">Example: output database: alert, mysql,
+ dbname=snort user=snort host=localhost password=xyz<br>
+ Example: output database: log, mysql, dbname=snort user=snort
+ host=localhost password=xyz</span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Advanced Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Advanced configuration
+ pass through</td>
+ <td width="78%" class="vtable"><textarea name="barnconfigpassthru"
+ cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
+ <br>
+ Arguments here will be automatically inserted into the running
+ barnyard2 configuration.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="id" type="hidden" value="<?=$id;?>"> </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings befor you click start. </td>
+ </tr>
+ </table>
+
+</table>
+</form>
+
+</div>
+
+<script language="JavaScript">
+<!--
+enable_change(false);
+//-->
+</script>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php index 932e0983..d81f561f 100644 --- a/config/snort-dev/snort_blocked.php +++ b/config/snort-dev/snort_blocked.php @@ -1,426 +1,426 @@ -<?php -/* $Id$ */ -/* - snort_blocked.php - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Modified for the Pfsense snort package v. 1.8+ - Copyright (C) 2009 Robert Zelaya Sr. Developer - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) - $config['installedpackages']['snortglobal']['alertsblocks'] = array(); - -$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']; -$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber']; - -if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0') -{ - $bnentries = '500'; -}else{ - $bnentries = $pconfig['blertnumber']; -} - -if($_POST['todelete'] or $_GET['todelete']) { - if($_POST['todelete']) - $ip = $_POST['todelete']; - if($_GET['todelete']) - $ip = $_GET['todelete']; - exec("/sbin/pfctl -t snort2c -T delete {$ip}"); -} - -if ($_POST['remove']) { - exec("/sbin/pfctl -t snort2c -T flush"); - sleep(1); - header("Location: /snort/snort_blocked.php"); - exit; - -} - -/* TODO: build a file with block ip and disc */ -if ($_POST['download']) -{ - - ob_start(); //important or other posts will fail - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); - $file_name = "snort_blocked_{$save_date}.tar.gz"; - exec('/bin/mkdir /tmp/snort_blocked'); - exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf'); - - $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf')))); - - if ($blocked_ips_array_save[0] != '') { - /* build the list */ - file_put_contents("/tmp/snort_blocked/snort_block.pf", ""); - foreach($blocked_ips_array_save as $counter => $fileline3) - file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline3}\n", FILE_APPEND); - } - - exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked"); - - if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) { - $file = "/tmp/snort_blocked_{$save_date}.tar.gz"; - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); - header("Pragma: private"); // needed for IE - header("Cache-Control: private, must-revalidate"); // needed for IE - header('Content-type: application/force-download'); - header('Content-Transfer-Encoding: Binary'); - header("Content-length: ".filesize($file)); - header("Content-disposition: attachment; filename = {$file_name}"); - readfile("$file"); - exec("/bin/rm /tmp/snort_blocked_{$save_date}.tar.gz"); - exec("/bin/rm /tmp/snort_block.pf"); - exec("/bin/rm /tmp/snort_blocked/snort_block.pf"); - od_end_clean(); //importanr or other post will fail - } else - echo 'Error no saved file.'; - -} - -if ($_POST['save']) -{ - - /* input validation */ - if ($_POST['save']) - { - - - } - - /* no errors */ - if (!$input_errors) - { - $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off'; - $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; - - write_config(); - - header("Location: /snort/snort_blocked.php"); - - } - -} - -/* build filter funcs */ -function get_snort_alert_ip_src($fileline) -{ - /* SRC IP */ - $re1='.*?'; # Non-greedy match on filler - $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - - if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) - $alert_ip_src = $matches4[1][0]; - - return $alert_ip_src; -} - -function get_snort_alert_disc($fileline) -{ - /* disc */ - if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) - $alert_disc = "$matches[2]"; - - return $alert_disc; -} - -/* build sec filters */ -function get_snort_block_ip($fileline) -{ - /* ip */ - if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches)) - $alert_block_ip = "$matches[0]"; - - return $alert_block_ip; -} - -function get_snort_block_disc($fileline) -{ - /* disc */ - if (preg_match("/\]\s\[.+\]$/", $fileline, $matches)) - $alert_block_disc = "$matches[0]"; - - return $alert_block_disc; -} - -/* tell the user what settings they have */ -$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked']; -if ($blockedtab_msg_chk == "1h_b") { - $blocked_msg = "hour"; -} -if ($blockedtab_msg_chk == "3h_b") { - $blocked_msg = "3 hours"; -} -if ($blockedtab_msg_chk == "6h_b") { - $blocked_msg = "6 hours"; -} -if ($blockedtab_msg_chk == "12h_b") { - $blocked_msg = "12 hours"; -} -if ($blockedtab_msg_chk == "1d_b") { - $blocked_msg = "day"; -} -if ($blockedtab_msg_chk == "4d_b") { - $blocked_msg = "4 days"; -} -if ($blockedtab_msg_chk == "7d_b") { - $blocked_msg = "7 days"; -} -if ($blockedtab_msg_chk == "28d_b") { - $blocked_msg = "28 days"; -} - -if ($blockedtab_msg_chk != "never_b") -{ - $blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>."; -}else{ - $blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts."; -} - -$pgtitle = "Services: Snort Blocked Hosts"; -include_once("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php - -include_once("fbegin.inc"); -echo $snort_general_css; - -/* refresh every 60 secs */ -if ($pconfig['brefresh'] == 'on') - echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n"; -?> - -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php if ($savemsg) print_info_box($savemsg); ?> -<table width="99%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> -</td></tr> - <tr> - <td> - <div id="mainarea2"> - - <table id="maintable" class="tabcont" width="100%" border="0" - cellpadding="0" cellspacing="0"> - <tr> - <td width="22%" colspan="0" class="listtopic">Last <?=$bnentries;?> - Blocked.</td> - <td width="78%" class="listtopic">This page lists hosts that have - been blocked by Snort. <?=$blocked_msg_txt;?></td> - </tr> - <tr> - <td width="22%" class="vncell">Save or Remove Hosts</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_blocked.php" method="post"><input - name="download" type="submit" class="formbtn" value="Download"> All - blocked hosts will be saved. <input name="remove" type="submit" - class="formbtn" value="Clear"> <span class="red"><strong>Warning:</strong></span> - all hosts will be removed.</form> - </td> - </tr> - <tr> - <td width="22%" class="vncell">Auto Refresh and Log View</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_blocked.php" method="post"><input - name="save" type="submit" class="formbtn" value="Save"> Refresh <input - name="brefresh" type="checkbox" value="on" - <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>> - <strong>Default</strong> is <strong>ON</strong>. <input - name="blertnumber" type="text" class="formfld" id="blertnumber" - size="5" value="<?=htmlspecialchars($bnentries);?>"> Enter the - number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>. - </form> - </td> - </tr> - </table> - </div> - <br> - </td> - </tr> - - <table class="tabcont" width="100%" border="0" cellspacing="0" - cellpadding="0"> - <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" - cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="listhdrr">Remove</td> - <td class="listhdrr">#</td> - <td class="listhdrr">IP</td> - <td class="listhdrr">Alert Description</td> - </tr> - <?php - - /* set the arrays */ - exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache'); - $blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache')))); - foreach (glob("/var/log/snort/alert_*") as $alert) { - $alerts_array = array_reverse(explode("\n\n", file_get_contents("{$alert}"))); - - $logent = $bnentries; - - if ($blocked_ips_array[0] != '' && $alerts_array[0] != '') - { - - /* build the list and compare blocks to alerts */ - $counter = 0; - foreach($alerts_array as $fileline) - { - - $counter++; - - $alert_ip_src = get_snort_alert_ip_src($fileline); - $alert_ip_disc = get_snort_alert_disc($fileline); - $alert_ip_src_array[] = get_snort_alert_ip_src($fileline); - - if (in_array("$alert_ip_src", $blocked_ips_array)) - $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n"; - } - - foreach($blocked_ips_array as $alert_block_ip) - { - - if (!in_array($alert_block_ip, $alert_ip_src_array)) - { - $input[] = "[$alert_block_ip] " . "[N\A]\n"; - } - } - - /* reduce double occurrences */ - $result = array_unique($input); - - /* buil final list, preg_match, buld html */ - $counter2 = 0; - - foreach($result as $fileline2) - { - if($logent <= $counter2) - continue; - - $counter2++; - - $alert_block_ip_str = get_snort_block_ip($fileline2); - - if($alert_block_ip_str != '') - { - $alert_block_ip_match = array('[',']'); - $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str"); - }else{ - $alert_block_ip = 'empty'; - } - - $alert_block_disc_str = get_snort_block_disc($fileline2); - - if($alert_block_disc_str != '') - { - $alert_block_disc_match = array('] [',']'); - $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str"); - }else{ - $alert_block_disc = 'empty'; - } - - /* use one echo to do the magic*/ - echo "<tr> - <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'> - <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> - <td> {$counter2}</td> - <td> {$alert_block_ip}</td> - <td> {$alert_block_disc}</td> - </tr>\n"; - - } - - }else{ - - /* if alerts file is empty and blocked table is not empty */ - $counter2 = 0; - - foreach($blocked_ips_array as $alert_block_ip) - { - if($logent <= $counter2) - continue; - - $counter2++; - - $alert_block_disc = 'N/A'; - - /* use one echo to do the magic*/ - echo "<tr> - <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'> - <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> - <td> {$counter2}</td> - <td> {$alert_block_ip}</td> - <td> {$alert_block_disc}</td> - </tr>\n"; - } - } - } - - echo '</table>' . "\n"; - - if (empty($blocked_ips_array[0])) - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>"; - else - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>"; - - ?> - </td> - </tr> - </table> - </td> - </tr> - </table> - </div> - - <?php - - include("fend.inc"); - -echo $snort_custom_rnd_box; - -?> - -</body> -</html> +<?php
+/* $Id$ */
+/*
+ snort_blocked.php
+ Copyright (C) 2006 Scott Ullrich
+ All rights reserved.
+
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009 Robert Zelaya Sr. Developer
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
+ $config['installedpackages']['snortglobal']['alertsblocks'] = array();
+
+$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'];
+$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'];
+
+if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0')
+{
+ $bnentries = '500';
+}else{
+ $bnentries = $pconfig['blertnumber'];
+}
+
+if($_POST['todelete'] or $_GET['todelete']) {
+ if($_POST['todelete'])
+ $ip = $_POST['todelete'];
+ if($_GET['todelete'])
+ $ip = $_GET['todelete'];
+ exec("/sbin/pfctl -t snort2c -T delete {$ip}");
+}
+
+if ($_POST['remove']) {
+ exec("/sbin/pfctl -t snort2c -T flush");
+ sleep(1);
+ header("Location: /snort/snort_blocked.php");
+ exit;
+
+}
+
+/* TODO: build a file with block ip and disc */
+if ($_POST['download'])
+{
+
+ ob_start(); //important or other posts will fail
+ $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
+ $file_name = "snort_blocked_{$save_date}.tar.gz";
+ exec('/bin/mkdir /tmp/snort_blocked');
+ exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf');
+
+ $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf'))));
+
+ if ($blocked_ips_array_save[0] != '') {
+ /* build the list */
+ file_put_contents("/tmp/snort_blocked/snort_block.pf", "");
+ foreach($blocked_ips_array_save as $counter => $fileline3)
+ file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline3}\n", FILE_APPEND);
+ }
+
+ exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked");
+
+ if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) {
+ $file = "/tmp/snort_blocked_{$save_date}.tar.gz";
+ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
+ header("Pragma: private"); // needed for IE
+ header("Cache-Control: private, must-revalidate"); // needed for IE
+ header('Content-type: application/force-download');
+ header('Content-Transfer-Encoding: Binary');
+ header("Content-length: ".filesize($file));
+ header("Content-disposition: attachment; filename = {$file_name}");
+ readfile("$file");
+ exec("/bin/rm /tmp/snort_blocked_{$save_date}.tar.gz");
+ exec("/bin/rm /tmp/snort_block.pf");
+ exec("/bin/rm /tmp/snort_blocked/snort_block.pf");
+ od_end_clean(); //importanr or other post will fail
+ } else
+ echo 'Error no saved file.';
+
+}
+
+if ($_POST['save'])
+{
+
+ /* input validation */
+ if ($_POST['save'])
+ {
+
+
+ }
+
+ /* no errors */
+ if (!$input_errors)
+ {
+ $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
+
+ write_config();
+
+ header("Location: /snort/snort_blocked.php");
+
+ }
+
+}
+
+/* build filter funcs */
+function get_snort_alert_ip_src($fileline)
+{
+ /* SRC IP */
+ $re1='.*?'; # Non-greedy match on filler
+ $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
+
+ if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
+ $alert_ip_src = $matches4[1][0];
+
+ return $alert_ip_src;
+}
+
+function get_snort_alert_disc($fileline)
+{
+ /* disc */
+ if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
+ $alert_disc = "$matches[2]";
+
+ return $alert_disc;
+}
+
+/* build sec filters */
+function get_snort_block_ip($fileline)
+{
+ /* ip */
+ if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches))
+ $alert_block_ip = "$matches[0]";
+
+ return $alert_block_ip;
+}
+
+function get_snort_block_disc($fileline)
+{
+ /* disc */
+ if (preg_match("/\]\s\[.+\]$/", $fileline, $matches))
+ $alert_block_disc = "$matches[0]";
+
+ return $alert_block_disc;
+}
+
+/* tell the user what settings they have */
+$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked'];
+if ($blockedtab_msg_chk == "1h_b") {
+ $blocked_msg = "hour";
+}
+if ($blockedtab_msg_chk == "3h_b") {
+ $blocked_msg = "3 hours";
+}
+if ($blockedtab_msg_chk == "6h_b") {
+ $blocked_msg = "6 hours";
+}
+if ($blockedtab_msg_chk == "12h_b") {
+ $blocked_msg = "12 hours";
+}
+if ($blockedtab_msg_chk == "1d_b") {
+ $blocked_msg = "day";
+}
+if ($blockedtab_msg_chk == "4d_b") {
+ $blocked_msg = "4 days";
+}
+if ($blockedtab_msg_chk == "7d_b") {
+ $blocked_msg = "7 days";
+}
+if ($blockedtab_msg_chk == "28d_b") {
+ $blocked_msg = "28 days";
+}
+
+if ($blockedtab_msg_chk != "never_b")
+{
+ $blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>.";
+}else{
+ $blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts.";
+}
+
+$pgtitle = "Services: Snort Blocked Hosts";
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+
+include_once("fbegin.inc");
+echo $snort_general_css;
+
+/* refresh every 60 secs */
+if ($pconfig['brefresh'] == 'on')
+ echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n";
+?>
+
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+ <tr>
+ <td>
+ <div id="mainarea2">
+
+ <table id="maintable" class="tabcont" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="22%" colspan="0" class="listtopic">Last <?=$bnentries;?>
+ Blocked.</td>
+ <td width="78%" class="listtopic">This page lists hosts that have
+ been blocked by Snort. <?=$blocked_msg_txt;?></td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Save or Remove Hosts</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_blocked.php" method="post"><input
+ name="download" type="submit" class="formbtn" value="Download"> All
+ blocked hosts will be saved. <input name="remove" type="submit"
+ class="formbtn" value="Clear"> <span class="red"><strong>Warning:</strong></span>
+ all hosts will be removed.</form>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Auto Refresh and Log View</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_blocked.php" method="post"><input
+ name="save" type="submit" class="formbtn" value="Save"> Refresh <input
+ name="brefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>>
+ <strong>Default</strong> is <strong>ON</strong>. <input
+ name="blertnumber" type="text" class="formfld" id="blertnumber"
+ size="5" value="<?=htmlspecialchars($bnentries);?>"> Enter the
+ number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>.
+ </form>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <br>
+ </td>
+ </tr>
+
+ <table class="tabcont" width="100%" border="0" cellspacing="0"
+ cellpadding="0">
+ <tr>
+ <td>
+ <table id="sortabletable1" class="sortable" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="listhdrr">Remove</td>
+ <td class="listhdrr">#</td>
+ <td class="listhdrr">IP</td>
+ <td class="listhdrr">Alert Description</td>
+ </tr>
+ <?php
+
+ /* set the arrays */
+ exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache');
+ $blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache'))));
+ foreach (glob("/var/log/snort/alert_*") as $alert) {
+ $alerts_array = array_reverse(explode("\n\n", file_get_contents("{$alert}")));
+
+ $logent = $bnentries;
+
+ if ($blocked_ips_array[0] != '' && $alerts_array[0] != '')
+ {
+
+ /* build the list and compare blocks to alerts */
+ $counter = 0;
+ foreach($alerts_array as $fileline)
+ {
+
+ $counter++;
+
+ $alert_ip_src = get_snort_alert_ip_src($fileline);
+ $alert_ip_disc = get_snort_alert_disc($fileline);
+ $alert_ip_src_array[] = get_snort_alert_ip_src($fileline);
+
+ if (in_array("$alert_ip_src", $blocked_ips_array))
+ $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
+ }
+
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+
+ if (!in_array($alert_block_ip, $alert_ip_src_array))
+ {
+ $input[] = "[$alert_block_ip] " . "[N\A]\n";
+ }
+ }
+
+ /* reduce double occurrences */
+ $result = array_unique($input);
+
+ /* buil final list, preg_match, buld html */
+ $counter2 = 0;
+
+ foreach($result as $fileline2)
+ {
+ if($logent <= $counter2)
+ continue;
+
+ $counter2++;
+
+ $alert_block_ip_str = get_snort_block_ip($fileline2);
+
+ if($alert_block_ip_str != '')
+ {
+ $alert_block_ip_match = array('[',']');
+ $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str");
+ }else{
+ $alert_block_ip = 'empty';
+ }
+
+ $alert_block_disc_str = get_snort_block_disc($fileline2);
+
+ if($alert_block_disc_str != '')
+ {
+ $alert_block_disc_match = array('] [',']');
+ $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str");
+ }else{
+ $alert_block_disc = 'empty';
+ }
+
+ /* use one echo to do the magic*/
+ echo "<tr>
+ <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
+ <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ <td> {$counter2}</td>
+ <td> {$alert_block_ip}</td>
+ <td> {$alert_block_disc}</td>
+ </tr>\n";
+
+ }
+
+ }else{
+
+ /* if alerts file is empty and blocked table is not empty */
+ $counter2 = 0;
+
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+ if($logent <= $counter2)
+ continue;
+
+ $counter2++;
+
+ $alert_block_disc = 'N/A';
+
+ /* use one echo to do the magic*/
+ echo "<tr>
+ <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
+ <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ <td> {$counter2}</td>
+ <td> {$alert_block_ip}</td>
+ <td> {$alert_block_disc}</td>
+ </tr>\n";
+ }
+ }
+ }
+
+ echo '</table>' . "\n";
+
+ if (empty($blocked_ips_array[0]))
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
+ else
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>";
+
+ ?>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <?php
+
+ include("fend.inc");
+
+echo $snort_custom_rnd_box;
+
+?>
+
+</body>
+</html>
diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-dev/snort_check_for_rule_updates.php index 41995e9d..d959a1d5 100644 --- a/config/snort-dev/snort_check_for_rule_updates.php +++ b/config/snort-dev/snort_check_for_rule_updates.php @@ -1,690 +1,690 @@ -<?php -/* - snort_check_for_rule_updates.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -/* Setup enviroment */ - -/* TODO: review if include files are needed */ -require_once("functions.inc"); -require_once("service-utils.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -$pkg_interface = "console"; - -$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; -$snortdir = "/usr/local/etc/snort"; -$snortdir_wan = "/usr/local/etc/snort"; -$snort_filename_md5 = "{$snort_rules_file}.md5"; -$snort_filename = "{$snort_rules_file}"; -$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5"; -$emergingthreats_filename = "emerging.rules.tar.gz"; -$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; -$pfsense_rules_filename = "pfsense_rules.tar.gz"; - -/* Time stamps define */ -$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; -$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; - -$up_date_time = date('l jS \of F Y h:i:s A'); -echo "\n"; -echo "#########################\n"; -echo "$up_date_time\n"; -echo "#########################\n"; -echo "\n\n"; - -/* define checks */ -$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; - -if ($snortdownload == 'off' && $emergingthreats != 'on') - $snort_emrging_info = 'stop'; - -if ($oinkid == "" && $snortdownload != 'off') - $snort_oinkid_info = 'stop'; - -/* check if main rule directory is empty */ -$if_mrule_dir = "/usr/local/etc/snort/rules"; -$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; - -if (file_exists('/var/run/snort.conf.dirty')) - $snort_dirty_d = 'stop'; - -/* Start of code */ -conf_mount_rw(); - -if (!is_dir('/usr/local/etc/snort/tmp')) - exec('/bin/mkdir -p /usr/local/etc/snort/tmp'); - -$snort_md5_check_ok = 'off'; -$emerg_md5_check_ok = 'off'; -$pfsense_md5_check_ok = 'off'; - -/* Set user agent to Mozilla */ -ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); -ini_set("memory_limit","150M"); - -/* mark the time update started */ -$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); - -/* send current buffer */ -ob_flush(); - -/* send current buffer */ -ob_flush(); - -/* remove old $tmpfname files */ -if (is_dir("{$tmpfname}")) { - update_status(gettext("Removing old tmp files...")); - exec("/bin/rm -r {$tmpfname}"); - apc_clear_cache(); -} - -/* Make shure snortdir exits */ -exec("/bin/mkdir -p {$snortdir}"); -exec("/bin/mkdir -p {$snortdir}/rules"); -exec("/bin/mkdir -p {$snortdir}/signatures"); -exec("/bin/mkdir -p {$tmpfname}"); -exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/"); - -/* send current buffer */ -ob_flush(); - -$pfsensedownload = 'on'; - -/* download md5 sig from snort.org */ -if ($snortdownload == 'on') -{ - if (file_exists("{$tmpfname}/{$snort_filename_md5}") && - filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { - update_status(gettext("snort.org md5 temp file exists...")); - } else { - update_status(gettext("Downloading snort.org md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - - //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); - $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); - @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image); - update_status(gettext("Done downloading snort.org md5")); - } -} - -/* download md5 sig from emergingthreats.net */ -if ($emergingthreats == 'on') -{ - update_status(gettext("Downloading emergingthreats md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5'); - @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image); - update_status(gettext("Done downloading emergingthreats md5")); -} - -/* download md5 sig from pfsense.org */ -if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - update_status(gettext("pfsense md5 temp file exists...")); -} else { - update_status(gettext("Downloading pfsense md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); - @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image); - update_status(gettext("Done downloading pfsense md5.")); -} - -/* If md5 file is empty wait 15min exit */ -if ($snortdownload == 'on') -{ - if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) - { - update_status(gettext("Please wait... You may only check for New Rules every 15 minutes...")); - update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time.")); - $snortdownload = 'off'; - } -} - -/* If pfsense md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ - update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes...")); - update_output_window(gettext("Rules are released to support Pfsense packages.")); - $pfsensedownload = 'off'; -} - -/* Check if were up to date snort.org */ -if ($snortdownload == 'on') -{ - if (file_exists("{$snortdir}/{$snort_filename_md5}")) - { - $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); - $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); - $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($md5_check_new == $md5_check_old) - { - update_status(gettext("Your rules are up to date...")); - update_output_window(gettext("You may start Snort now, check update.")); - $snort_md5_check_ok = 'on'; - } else { - update_status(gettext("Your rules are not up to date...")); - $snort_md5_check_ok = 'off'; - } - } -} - -/* Check if were up to date emergingthreats.net */ -if ($emergingthreats == 'on') -{ - if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}")) - { - $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"); - $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}"); - $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($emerg_md5_check_new == $emerg_md5_check_old) - { - $emerg_md5_check_ok = 'on'; - } else - $emerg_md5_check_ok = 'off'; - } -} - -/* Check if were up to date pfsense.org */ -if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) -{ - $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($pfsense_md5_check_new == $pfsense_md5_check_old) - { - $pfsense_md5_check_ok = 'on'; - } else - $pfsense_md5_check_ok = 'off'; -} - -if ($snortdownload == 'on') { - if ($snort_md5_check_ok == 'on') - { - update_status(gettext("Your snort.org rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - $snortdownload = 'off'; - } -} -if ($emergingthreats == 'on') { - if ($emerg_md5_check_ok == 'on') - { - update_status(gettext("Your Emergingthreats rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - $emergingthreats = 'off'; - } -} - -/* download snortrules file */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Snortrule tar file exists...")); - } else { - update_status(gettext("There is a new set of Snort.org rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - if (300000 > filesize("{$tmpfname}/$snort_filename")){ - update_status(gettext("Error with the snort rules download...")); - update_output_window(gettext("Snort rules file downloaded failed...")); - $snortdownload = 'off'; - } - } - } -} - -/* download emergingthreats rules file */ -if ($emergingthreats == "on") -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - update_status(gettext('Emergingthreats tar file exists...')); - }else{ - update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}"); - update_status(gettext('Done downloading Emergingthreats rules file.')); - } - } -} - -/* download pfsense rules file */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Snortrule tar file exists...")); - } else { - update_status(gettext("There is a new set of Pfsense rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - } -} - -/* Compair md5 sig to file sig */ - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk == on) { -//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md5 == $file_md5_ondisk) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...P is ON")); -// update_output_window(gettext("Error md5 Mismatch...")); -// return; -// } -//} - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk != on) { -//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; -//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md55 == $file_md5_ondisk2) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...Not P")); -// update_output_window(gettext("Error md5 Mismatch...")); -// return; -// } -//} - -/* Untar snort rules file individually to help people with low system specs */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - - if ($pfsense_stable == 'yes') - $freebsd_version_so = 'FreeBSD-7-2'; - else - $freebsd_version_so = 'FreeBSD-8-1'; - - update_status(gettext("Extracting Snort.org rules...")); - update_output_window(gettext("May take a while...")); - /* extract snort.org rules and add prefix to all snort.org files*/ - exec("/bin/rm -r {$snortdir}/rules"); - sleep(2); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); - chdir ("/usr/local/etc/snort/rules"); - sleep(2); - exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); - - /* extract so rules */ - exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - if($snort_arch == 'x86'){ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/"); - exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/* /usr/local/lib/snort/dynamicrules/"); - } else if ($snort_arch == 'x64') { - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/"); - exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/* /usr/local/lib/snort/dynamicrules/"); - } - /* extract so rules none bin and rename */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . - " so_rules/chat.rules/" . - " so_rules/dos.rules/" . - " so_rules/exploit.rules/" . - " so_rules/icmp.rules/" . - " so_rules/imap.rules/" . - " so_rules/misc.rules/" . - " so_rules/multimedia.rules/" . - " so_rules/netbios.rules/" . - " so_rules/nntp.rules/" . - " so_rules/p2p.rules/" . - " so_rules/smtp.rules/" . - " so_rules/sql.rules/" . - " so_rules/web-activex.rules/" . - " so_rules/web-client.rules/" . - " so_rules/web-iis.rules/" . - " so_rules/web-misc.rules/"); - - exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); - } - - /* extract base etc files */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); - exec("/bin/rm -r {$snortdir}/etc"); - - update_status(gettext("Done extracting Snort.org Rules.")); - }else{ - update_status(gettext("Error extracting Snort.org Rules...")); - update_output_window(gettext("Error Line 755")); - $snortdownload = 'off'; - } -} - -/* Untar emergingthreats rules to tmp */ -if ($emergingthreats == 'on') -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - update_status(gettext("Extracting rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); - } - } -} - -/* Untar Pfsense rules to tmp */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Extracting Pfsense rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); - } -} - -/* Untar snort signatures */ -if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; - if ($premium_url_chk == 'on') { - update_status(gettext("Extracting Signatures...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - update_status(gettext("Done extracting Signatures.")); - } - } -} - -/* Copy md5 sig to snort dir */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/$snort_filename_md5")) { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); - }else{ - update_status(gettext("The md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $snortdownload = 'off'; - } - } -} - -/* Copy emergingthreats md5 sig to snort dir */ -if ($emergingthreats == "on") -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) - { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); - }else{ - update_status(gettext("The emergingthreats md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $emergingthreats = 'off'; - } - } -} - -/* Copy Pfsense md5 sig to snort dir */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - update_status(gettext("Copying Pfsense md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); - } else { - update_status(gettext("The Pfsense md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $pfsensedownload = 'off'; - } -} - -/* Copy signatures dir to snort dir */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') - { - $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; - if ($premium_url_chk == 'on') - { - if (file_exists("{$snortdir}/doc/signatures")) { - update_status(gettext("Copying signatures...")); - update_output_window(gettext("May take a while...")); - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - update_status(gettext("Done copying signatures.")); - }else{ - update_status(gettext("Directory signatures exist...")); - update_output_window(gettext("Error copying signature...")); - $snortdownload = 'off'; - } - } - } -} - -/* double make shure cleanup emerg rules that dont belong */ -if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) { - apc_clear_cache(); - @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules"); -} - -if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); -} - -/* make shure default rules are in the right format */ -exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); -exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); -exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - -/* create a msg-map for snort */ -update_status(gettext("Updating Alert Messages...")); -update_output_window(gettext("Please Wait...")); -exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map"); - - -////////////////// -/* open oinkmaster_conf for writing" function */ -function oinkmaster_conf($id, $if_real, $iface_uuid) -{ - global $config, $g, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - - @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf"); - - /* enable disable setting will carry over with updates */ - /* TODO carry signature changes with the updates */ - if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { - - $selected_sid_on_section = ""; - $selected_sid_off_sections = ""; - - if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { - $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']); - $enabled_sid_on_array = split('\|\|', $enabled_sid_on); - foreach($enabled_sid_on_array as $enabled_item_on) - $selected_sid_on_sections .= "$enabled_item_on\n"; - } - - if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { - $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']); - $enabled_sid_off_array = split('\|\|', $enabled_sid_off); - foreach($enabled_sid_off_array as $enabled_item_off) - $selected_sid_off_sections .= "$enabled_item_off\n"; - } - - if (!empty($selected_sid_off_sections) || !empty($selected_sid_on_section)) { - $snort_sid_text = <<<EOD - -########################################### -# # -# this is auto generated on snort updates # -# # -########################################### - -path = /bin:/usr/bin:/usr/local/bin - -update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ - -url = dir:///usr/local/etc/snort/rules - -$selected_sid_on_sections - -$selected_sid_off_sections - -EOD; - - /* open snort's oinkmaster.conf for writing */ - @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text); - } - } -} - -/* Run oinkmaster to snort_wan and cp configs */ -/* If oinkmaster is not needed cp rules normally */ -/* TODO add per interface settings here */ -function oinkmaster_run($id, $if_real, $iface_uuid) -{ - global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - - if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { - if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { - update_status(gettext("Your first set of rules are being copied...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - } else { - update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); - - } - } -} - -/* Start the proccess for every interface rule */ -/* TODO: try to make the code smother */ -if (is_array($config['installedpackages']['snortglobal']['rule'])) -{ - foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - $iface_uuid = $value['uuid']; - - /* make oinkmaster.conf for each interface rule */ - oinkmaster_conf($id, $if_real, $iface_uuid); - - /* run oinkmaster for each interface rule */ - oinkmaster_run($id, $if_real, $iface_uuid); - } -} - -////////////// - -/* mark the time update finnished */ -$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); - -/* remove old $tmpfname files */ -if (is_dir('/usr/local/etc/snort/tmp')) { - update_status(gettext("Cleaning up...")); - exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up"); - sleep(2); - exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk"); -} - -/* XXX: These are needed if snort is run as snort user -mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true); -mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true); -mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true); -*/ -/* make all dirs snorts */ -mwexec("/bin/chmod -R 755 /var/log/snort", true); -mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true); -mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true); - -if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off') - update_output_window(gettext("Finished...")); -else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on') - update_output_window(gettext("Finished...")); -else { - /* You are Not Up to date, always stop snort when updating rules for low end machines */; - update_status(gettext("You are NOT up to date...")); - exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); - update_status(gettext("The Rules update finished...")); - update_output_window(gettext("Snort has restarted with your new set of rules...")); - exec("/bin/rm /tmp/snort_download_halt.pid"); -} - -update_status(gettext("The Rules update finished...")); -conf_mount_ro(); - -?> +<?php
+/*
+ snort_check_for_rule_updates.php
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Setup enviroment */
+
+/* TODO: review if include files are needed */
+require_once("functions.inc");
+require_once("service-utils.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+$pkg_interface = "console";
+
+$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
+$snortdir = "/usr/local/etc/snort";
+$snortdir_wan = "/usr/local/etc/snort";
+$snort_filename_md5 = "{$snort_rules_file}.md5";
+$snort_filename = "{$snort_rules_file}";
+$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";
+$emergingthreats_filename = "emerging.rules.tar.gz";
+$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
+$pfsense_rules_filename = "pfsense_rules.tar.gz";
+
+/* Time stamps define */
+$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
+$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
+
+$up_date_time = date('l jS \of F Y h:i:s A');
+echo "\n";
+echo "#########################\n";
+echo "$up_date_time\n";
+echo "#########################\n";
+echo "\n\n";
+
+/* define checks */
+$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+
+if ($snortdownload == 'off' && $emergingthreats != 'on')
+ $snort_emrging_info = 'stop';
+
+if ($oinkid == "" && $snortdownload != 'off')
+ $snort_oinkid_info = 'stop';
+
+/* check if main rule directory is empty */
+$if_mrule_dir = "/usr/local/etc/snort/rules";
+$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
+
+if (file_exists('/var/run/snort.conf.dirty'))
+ $snort_dirty_d = 'stop';
+
+/* Start of code */
+conf_mount_rw();
+
+if (!is_dir('/usr/local/etc/snort/tmp'))
+ exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
+
+$snort_md5_check_ok = 'off';
+$emerg_md5_check_ok = 'off';
+$pfsense_md5_check_ok = 'off';
+
+/* Set user agent to Mozilla */
+ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ini_set("memory_limit","150M");
+
+/* mark the time update started */
+$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
+
+/* send current buffer */
+ob_flush();
+
+/* send current buffer */
+ob_flush();
+
+/* remove old $tmpfname files */
+if (is_dir("{$tmpfname}")) {
+ update_status(gettext("Removing old tmp files..."));
+ exec("/bin/rm -r {$tmpfname}");
+ apc_clear_cache();
+}
+
+/* Make shure snortdir exits */
+exec("/bin/mkdir -p {$snortdir}");
+exec("/bin/mkdir -p {$snortdir}/rules");
+exec("/bin/mkdir -p {$snortdir}/signatures");
+exec("/bin/mkdir -p {$tmpfname}");
+exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
+
+/* send current buffer */
+ob_flush();
+
+$pfsensedownload = 'on';
+
+/* download md5 sig from snort.org */
+if ($snortdownload == 'on')
+{
+ if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
+ filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
+ update_status(gettext("snort.org md5 temp file exists..."));
+ } else {
+ update_status(gettext("Downloading snort.org md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+
+ //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
+ $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
+ @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
+ update_status(gettext("Done downloading snort.org md5"));
+ }
+}
+
+/* download md5 sig from emergingthreats.net */
+if ($emergingthreats == 'on')
+{
+ update_status(gettext("Downloading emergingthreats md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
+ $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');
+ @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
+ update_status(gettext("Done downloading emergingthreats md5"));
+}
+
+/* download md5 sig from pfsense.org */
+if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
+ update_status(gettext("pfsense md5 temp file exists..."));
+} else {
+ update_status(gettext("Downloading pfsense md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
+ $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
+ @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image);
+ update_status(gettext("Done downloading pfsense md5."));
+}
+
+/* If md5 file is empty wait 15min exit */
+if ($snortdownload == 'on')
+{
+ if (0 == filesize("{$tmpfname}/{$snort_filename_md5}"))
+ {
+ update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
+ $snortdownload = 'off';
+ }
+}
+
+/* If pfsense md5 file is empty wait 15min exit */
+if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
+ update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released to support Pfsense packages."));
+ $pfsensedownload = 'off';
+}
+
+/* Check if were up to date snort.org */
+if ($snortdownload == 'on')
+{
+ if (file_exists("{$snortdir}/{$snort_filename_md5}"))
+ {
+ $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+ $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
+ $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($md5_check_new == $md5_check_old)
+ {
+ update_status(gettext("Your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now, check update."));
+ $snort_md5_check_ok = 'on';
+ } else {
+ update_status(gettext("Your rules are not up to date..."));
+ $snort_md5_check_ok = 'off';
+ }
+ }
+}
+
+/* Check if were up to date emergingthreats.net */
+if ($emergingthreats == 'on')
+{
+ if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}"))
+ {
+ $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
+ $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
+ $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($emerg_md5_check_new == $emerg_md5_check_old)
+ {
+ $emerg_md5_check_ok = 'on';
+ } else
+ $emerg_md5_check_ok = 'off';
+ }
+}
+
+/* Check if were up to date pfsense.org */
+if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
+{
+ $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($pfsense_md5_check_new == $pfsense_md5_check_old)
+ {
+ $pfsense_md5_check_ok = 'on';
+ } else
+ $pfsense_md5_check_ok = 'off';
+}
+
+if ($snortdownload == 'on') {
+ if ($snort_md5_check_ok == 'on')
+ {
+ update_status(gettext("Your snort.org rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ $snortdownload = 'off';
+ }
+}
+if ($emergingthreats == 'on') {
+ if ($emerg_md5_check_ok == 'on')
+ {
+ update_status(gettext("Your Emergingthreats rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ $emergingthreats = 'off';
+ }
+}
+
+/* download snortrules file */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+ } else {
+ update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ if (300000 > filesize("{$tmpfname}/$snort_filename")){
+ update_status(gettext("Error with the snort rules download..."));
+ update_output_window(gettext("Snort rules file downloaded failed..."));
+ $snortdownload = 'off';
+ }
+ }
+ }
+}
+
+/* download emergingthreats rules file */
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ update_status(gettext('Emergingthreats tar file exists...'));
+ }else{
+ update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
+ update_status(gettext('Done downloading Emergingthreats rules file.'));
+ }
+ }
+}
+
+/* download pfsense rules file */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+ } else {
+ update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ }
+}
+
+/* Compair md5 sig to file sig */
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk == on) {
+//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md5 == $file_md5_ondisk) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// return;
+// }
+//}
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk != on) {
+//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
+//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md55 == $file_md5_ondisk2) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// return;
+// }
+//}
+
+/* Untar snort rules file individually to help people with low system specs */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+
+ if ($pfsense_stable == 'yes')
+ $freebsd_version_so = 'FreeBSD-7-2';
+ else
+ $freebsd_version_so = 'FreeBSD-8-1';
+
+ update_status(gettext("Extracting Snort.org rules..."));
+ update_output_window(gettext("May take a while..."));
+ /* extract snort.org rules and add prefix to all snort.org files*/
+ exec("/bin/rm -r {$snortdir}/rules");
+ sleep(2);
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+ chdir ("/usr/local/etc/snort/rules");
+ sleep(2);
+ exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
+
+ /* extract so rules */
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ if($snort_arch == 'x86'){
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+ } else if ($snort_arch == 'x64') {
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+ }
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
+ " so_rules/chat.rules/" .
+ " so_rules/dos.rules/" .
+ " so_rules/exploit.rules/" .
+ " so_rules/icmp.rules/" .
+ " so_rules/imap.rules/" .
+ " so_rules/misc.rules/" .
+ " so_rules/multimedia.rules/" .
+ " so_rules/netbios.rules/" .
+ " so_rules/nntp.rules/" .
+ " so_rules/p2p.rules/" .
+ " so_rules/smtp.rules/" .
+ " so_rules/sql.rules/" .
+ " so_rules/web-activex.rules/" .
+ " so_rules/web-client.rules/" .
+ " so_rules/web-iis.rules/" .
+ " so_rules/web-misc.rules/");
+
+ exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+ }
+
+ /* extract base etc files */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+
+ update_status(gettext("Done extracting Snort.org Rules."));
+ }else{
+ update_status(gettext("Error extracting Snort.org Rules..."));
+ update_output_window(gettext("Error Line 755"));
+ $snortdownload = 'off';
+ }
+}
+
+/* Untar emergingthreats rules to tmp */
+if ($emergingthreats == 'on')
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ update_status(gettext("Extracting rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
+ }
+ }
+}
+
+/* Untar Pfsense rules to tmp */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Extracting Pfsense rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
+ }
+}
+
+/* Untar snort signatures */
+if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == 'on') {
+ update_status(gettext("Extracting Signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
+ update_status(gettext("Done extracting Signatures."));
+ }
+ }
+}
+
+/* Copy md5 sig to snort dir */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+ }else{
+ update_status(gettext("The md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $snortdownload = 'off';
+ }
+ }
+}
+
+/* Copy emergingthreats md5 sig to snort dir */
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
+ {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
+ }else{
+ update_status(gettext("The emergingthreats md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $emergingthreats = 'off';
+ }
+ }
+}
+
+/* Copy Pfsense md5 sig to snort dir */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
+ update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
+ } else {
+ update_status(gettext("The Pfsense md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $pfsensedownload = 'off';
+ }
+}
+
+/* Copy signatures dir to snort dir */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on')
+ {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == 'on')
+ {
+ if (file_exists("{$snortdir}/doc/signatures")) {
+ update_status(gettext("Copying signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/rm -r {$snortdir}/doc/signatures");
+ update_status(gettext("Done copying signatures."));
+ }else{
+ update_status(gettext("Directory signatures exist..."));
+ update_output_window(gettext("Error copying signature..."));
+ $snortdownload = 'off';
+ }
+ }
+ }
+}
+
+/* double make shure cleanup emerg rules that dont belong */
+if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
+ apc_clear_cache();
+ @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
+}
+
+if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+}
+
+/* make shure default rules are in the right format */
+exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+
+/* create a msg-map for snort */
+update_status(gettext("Updating Alert Messages..."));
+update_output_window(gettext("Please Wait..."));
+exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
+
+
+//////////////////
+/* open oinkmaster_conf for writing" function */
+function oinkmaster_conf($id, $if_real, $iface_uuid)
+{
+ global $config, $g, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+ @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
+
+ /* enable disable setting will carry over with updates */
+ /* TODO carry signature changes with the updates */
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+
+ $selected_sid_on_section = "";
+ $selected_sid_off_sections = "";
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
+ $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
+ $enabled_sid_on_array = split('\|\|', $enabled_sid_on);
+ foreach($enabled_sid_on_array as $enabled_item_on)
+ $selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
+ $enabled_sid_off_array = split('\|\|', $enabled_sid_off);
+ foreach($enabled_sid_off_array as $enabled_item_off)
+ $selected_sid_off_sections .= "$enabled_item_off\n";
+ }
+
+ if (!empty($selected_sid_off_sections) || !empty($selected_sid_on_section)) {
+ $snort_sid_text = <<<EOD
+
+###########################################
+# #
+# this is auto generated on snort updates #
+# #
+###########################################
+
+path = /bin:/usr/bin:/usr/local/bin
+
+update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
+
+url = dir:///usr/local/etc/snort/rules
+
+$selected_sid_on_sections
+
+$selected_sid_off_sections
+
+EOD;
+
+ /* open snort's oinkmaster.conf for writing */
+ @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
+ }
+ }
+}
+
+/* Run oinkmaster to snort_wan and cp configs */
+/* If oinkmaster is not needed cp rules normally */
+/* TODO add per interface settings here */
+function oinkmaster_run($id, $if_real, $iface_uuid)
+{
+ global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+ if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ update_status(gettext("Your first set of rules are being copied..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ } else {
+ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
+
+ }
+ }
+}
+
+/* Start the proccess for every interface rule */
+/* TODO: try to make the code smother */
+if (is_array($config['installedpackages']['snortglobal']['rule']))
+{
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
+ $result_lan = $value['interface'];
+ $if_real = snort_get_real_interface($result_lan);
+ $iface_uuid = $value['uuid'];
+
+ /* make oinkmaster.conf for each interface rule */
+ oinkmaster_conf($id, $if_real, $iface_uuid);
+
+ /* run oinkmaster for each interface rule */
+ oinkmaster_run($id, $if_real, $iface_uuid);
+ }
+}
+
+//////////////
+
+/* mark the time update finnished */
+$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
+
+/* remove old $tmpfname files */
+if (is_dir('/usr/local/etc/snort/tmp')) {
+ update_status(gettext("Cleaning up..."));
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
+ sleep(2);
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
+}
+
+/* XXX: These are needed if snort is run as snort user
+mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);
+*/
+/* make all dirs snorts */
+mwexec("/bin/chmod -R 755 /var/log/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);
+
+if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')
+ update_output_window(gettext("Finished..."));
+else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on')
+ update_output_window(gettext("Finished..."));
+else {
+ /* You are Not Up to date, always stop snort when updating rules for low end machines */;
+ update_status(gettext("You are NOT up to date..."));
+ exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
+ update_status(gettext("The Rules update finished..."));
+ update_output_window(gettext("Snort has restarted with your new set of rules..."));
+ exec("/bin/rm /tmp/snort_download_halt.pid");
+}
+
+update_status(gettext("The Rules update finished..."));
+conf_mount_ro();
+
+?>
diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php index 497f0a79..853d2a9b 100644 --- a/config/snort-dev/snort_define_servers.php +++ b/config/snort-dev/snort_define_servers.php @@ -1,541 +1,541 @@ -<?php -/* $Id$ */ -/* - snort_define_servers.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -/* - -TODO: Nov 12 09 -Clean this code up its ugly -Important add error checking - -*/ - -//require_once("globals.inc"); -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$pconfig = array(); -if (isset($id) && $a_nat[$id]) { - $pconfig = $a_nat[$id]; - - /* old options */ - $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; - $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; - $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; - $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; - $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; - $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; - $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; - $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; - $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; - $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; - $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; - $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; - $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; - $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; - $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; - $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; - $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; - $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; - $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; - $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; - $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; - $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; - $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; - $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; - $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers']; - $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; - $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; - $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; - $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; - $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; - $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; - $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; - $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; - $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; -} - -/* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); -$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - -if ($_POST) { - - $natent = array(); - $natent = $pconfig; - - /* if no errors write to conf */ - if (!$input_errors) { - /* post new options */ - if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } - if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; } - if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; } - if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; } - if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; } - if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; } - if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; } - if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; } - if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; } - if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; } - if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; } - if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; } - if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; } - if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; } - if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; } - if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; } - if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; } - if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; } - if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; } - if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; } - if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; } - if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; } - if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; } - if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; } - if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; } - if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } - if ($_POST['def_sip_servers'] != "") { $natent['def_sip_servers'] = $_POST['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; } - if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } - if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; } - if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; } - if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; } - if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; } - if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; } - if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; } - if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; } - - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - - sync_snort_package_config(); - - /* after click go to this page */ - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: snort_define_servers.php?id=$id"); - exit; - } -} - -$pgtitle = "Snort: Interface $id$if_real Define Servers"; -include_once("head.inc"); - -?> -<body - link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - -echo "{$snort_general_css}\n"; -?> - -<form action="snort_define_servers.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"><?php - - /* Display Alert message */ - - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), true, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br> - Please save your settings before you click start.<br> - Please make sure there are <strong>no spaces</strong> in your - definitions. </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Define Servers</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td> - <td width="78%" class="vtable"><input name="def_dns_servers" - type="text" class="formfld" id="def_dns_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td> - <td width="78%" class="vtable"><input name="def_dns_ports" - type="text" class="formfld" id="def_dns_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 53.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_smtp_servers" - type="text" class="formfld" id="def_smtp_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td> - <td width="78%" class="vtable"><input name="def_smtp_ports" - type="text" class="formfld" id="def_smtp_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 25.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td> - <td width="78%" class="vtable"><input name="def_mail_ports" - type="text" class="formfld" id="def_mail_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 25,143,465,691.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_http_servers" - type="text" class="formfld" id="def_http_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td> - <td width="78%" class="vtable"><input name="def_www_servers" - type="text" class="formfld" id="def_www_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td> - <td width="78%" class="vtable"><input name="def_http_ports" - type="text" class="formfld" id="def_http_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 80.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td> - <td width="78%" class="vtable"><input name="def_sql_servers" - type="text" class="formfld" id="def_sql_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td> - <td width="78%" class="vtable"><input name="def_oracle_ports" - type="text" class="formfld" id="def_oracle_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 1521.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td> - <td width="78%" class="vtable"><input name="def_mssql_ports" - type="text" class="formfld" id="def_mssql_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 1433.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td> - <td width="78%" class="vtable"><input name="def_telnet_servers" - type="text" class="formfld" id="def_telnet_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td> - <td width="78%" class="vtable"><input name="def_telnet_ports" - type="text" class="formfld" id="def_telnet_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 23.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_snmp_servers" - type="text" class="formfld" id="def_snmp_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td> - <td width="78%" class="vtable"><input name="def_snmp_ports" - type="text" class="formfld" id="def_snmp_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 161.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_ftp_servers" - type="text" class="formfld" id="def_ftp_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td> - <td width="78%" class="vtable"><input name="def_ftp_ports" - type="text" class="formfld" id="def_ftp_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 21.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td> - <td width="78%" class="vtable"><input name="def_ssh_servers" - type="text" class="formfld" id="def_ssh_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td> - <td width="78%" class="vtable"><input name="def_ssh_ports" - type="text" class="formfld" id="def_ssh_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is the firewall's SSH port.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_pop_servers" - type="text" class="formfld" id="def_pop_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td> - <td width="78%" class="vtable"><input name="def_pop2_ports" - type="text" class="formfld" id="def_pop2_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 109.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td> - <td width="78%" class="vtable"><input name="def_pop3_ports" - type="text" class="formfld" id="def_pop3_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 110.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_imap_servers" - type="text" class="formfld" id="def_imap_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td> - <td width="78%" class="vtable"><input name="def_imap_ports" - type="text" class="formfld" id="def_imap_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 143.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td> - <td width="78%" class="vtable"><input name="def_sip_proxy_ip" - type="text" class="formfld" id="def_sip_proxy_ip" size="40" - value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td> - <td width="78%" class="vtable"><input name="def_sip_proxy_ports" - type="text" class="formfld" id="def_sip_proxy_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_sip_servers" - type="text" class="formfld" id="def_sip_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_sip_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PORTS</td> - <td width="78%" class="vtable"><input name="def_sip_ports" - type="text" class="formfld" id="def_sip_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_sip_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td> - <td width="78%" class="vtable"><input name="def_auth_ports" - type="text" class="formfld" id="def_auth_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 113.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td> - <td width="78%" class="vtable"><input name="def_finger_ports" - type="text" class="formfld" id="def_finger_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 79.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td> - <td width="78%" class="vtable"><input name="def_irc_ports" - type="text" class="formfld" id="def_irc_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td> - <td width="78%" class="vtable"><input name="def_nntp_ports" - type="text" class="formfld" id="def_nntp_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 119.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td> - <td width="78%" class="vtable"><input name="def_rlogin_ports" - type="text" class="formfld" id="def_rlogin_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 513.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td> - <td width="78%" class="vtable"><input name="def_rsh_ports" - type="text" class="formfld" id="def_rsh_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 514.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td> - <td width="78%" class="vtable"><input name="def_ssl_ports" - type="text" class="formfld" id="def_ssl_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input name="id" type="hidden" value="<?=$id;?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click start. </td> - </tr> - </table> - -</table> -</form> -<?php include("fend.inc"); ?> -</body> -</html> +<?php
+/* $Id$ */
+/*
+ snort_define_servers.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+
+TODO: Nov 12 09
+Clean this code up its ugly
+Important add error checking
+
+*/
+
+//require_once("globals.inc");
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$pconfig = array();
+if (isset($id) && $a_nat[$id]) {
+ $pconfig = $a_nat[$id];
+
+ /* old options */
+ $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
+ $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
+ $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
+ $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
+ $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
+ $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
+ $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
+ $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
+ $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
+ $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
+ $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
+ $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
+ $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
+ $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
+ $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
+ $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
+ $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
+ $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
+ $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
+ $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
+ $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
+ $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
+ $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+ $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers'];
+ $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];
+ $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
+ $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
+ $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
+ $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
+ $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
+ $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
+ $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
+ $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
+}
+
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+
+/* alert file */
+$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
+
+if ($_POST) {
+
+ $natent = array();
+ $natent = $pconfig;
+
+ /* if no errors write to conf */
+ if (!$input_errors) {
+ /* post new options */
+ if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; }
+ if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; }
+ if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; }
+ if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; }
+ if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; }
+ if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; }
+ if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; }
+ if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; }
+ if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; }
+ if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; }
+ if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; }
+ if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; }
+ if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; }
+ if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; }
+ if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; }
+ if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; }
+ if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; }
+ if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; }
+ if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; }
+ if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; }
+ if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; }
+ if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; }
+ if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; }
+ if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; }
+ if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; }
+ if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; }
+ if ($_POST['def_sip_servers'] != "") { $natent['def_sip_servers'] = $_POST['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; }
+ if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }
+ if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; }
+ if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; }
+ if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; }
+ if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; }
+ if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; }
+ if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; }
+ if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; }
+
+
+ if (isset($id) && $a_nat[$id])
+ $a_nat[$id] = $natent;
+ else {
+ if (is_numeric($after))
+ array_splice($a_nat, $after+1, 0, array($natent));
+ else
+ $a_nat[] = $natent;
+ }
+
+ write_config();
+
+ sync_snort_package_config();
+
+ /* after click go to this page */
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: snort_define_servers.php?id=$id");
+ exit;
+ }
+}
+
+$pgtitle = "Snort: Interface $id$if_real Define Servers";
+include_once("head.inc");
+
+?>
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include("fbegin.inc");
+if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
+
+echo "{$snort_general_css}\n";
+?>
+
+<form action="snort_define_servers.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
+
+ /* Display Alert message */
+
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), true, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br>
+ Please save your settings before you click start.<br>
+ Please make sure there are <strong>no spaces</strong> in your
+ definitions. </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Define Servers</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_dns_servers"
+ type="text" class="formfld" id="def_dns_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_dns_ports"
+ type="text" class="formfld" id="def_dns_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 53.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_smtp_servers"
+ type="text" class="formfld" id="def_smtp_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_smtp_ports"
+ type="text" class="formfld" id="def_smtp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 25.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td>
+ <td width="78%" class="vtable"><input name="def_mail_ports"
+ type="text" class="formfld" id="def_mail_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 25,143,465,691.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_http_servers"
+ type="text" class="formfld" id="def_http_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_www_servers"
+ type="text" class="formfld" id="def_www_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_http_ports"
+ type="text" class="formfld" id="def_http_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 80.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_sql_servers"
+ type="text" class="formfld" id="def_sql_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_oracle_ports"
+ type="text" class="formfld" id="def_oracle_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 1521.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_mssql_ports"
+ type="text" class="formfld" id="def_mssql_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 1433.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_telnet_servers"
+ type="text" class="formfld" id="def_telnet_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_telnet_ports"
+ type="text" class="formfld" id="def_telnet_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 23.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_snmp_servers"
+ type="text" class="formfld" id="def_snmp_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_snmp_ports"
+ type="text" class="formfld" id="def_snmp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 161.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_ftp_servers"
+ type="text" class="formfld" id="def_ftp_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_ftp_ports"
+ type="text" class="formfld" id="def_ftp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 21.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_ssh_servers"
+ type="text" class="formfld" id="def_ssh_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_ssh_ports"
+ type="text" class="formfld" id="def_ssh_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is the firewall's SSH port.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_pop_servers"
+ type="text" class="formfld" id="def_pop_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_pop2_ports"
+ type="text" class="formfld" id="def_pop2_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 109.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_pop3_ports"
+ type="text" class="formfld" id="def_pop3_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 110.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_imap_servers"
+ type="text" class="formfld" id="def_imap_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_imap_ports"
+ type="text" class="formfld" id="def_imap_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 143.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td>
+ <td width="78%" class="vtable"><input name="def_sip_proxy_ip"
+ type="text" class="formfld" id="def_sip_proxy_ip" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_sip_proxy_ports"
+ type="text" class="formfld" id="def_sip_proxy_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_sip_servers"
+ type="text" class="formfld" id="def_sip_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_sip_ports"
+ type="text" class="formfld" id="def_sip_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_auth_ports"
+ type="text" class="formfld" id="def_auth_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 113.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_finger_ports"
+ type="text" class="formfld" id="def_finger_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 79.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_irc_ports"
+ type="text" class="formfld" id="def_irc_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_nntp_ports"
+ type="text" class="formfld" id="def_nntp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 119.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_rlogin_ports"
+ type="text" class="formfld" id="def_rlogin_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 513.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_rsh_ports"
+ type="text" class="formfld" id="def_rsh_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 514.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_ssl_ports"
+ type="text" class="formfld" id="def_ssl_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="id" type="hidden" value="<?=$id;?>">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click start. </td>
+ </tr>
+ </table>
+
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php index 7c6ff65c..dd4ca524 100644 --- a/config/snort-dev/snort_download_rules.php +++ b/config/snort-dev/snort_download_rules.php @@ -1,387 +1,387 @@ -<?php -/* - snort_download_rules.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -/* Setup enviroment */ -require_once("guiconfig.inc"); -require_once("functions.inc"); -require_once("service-utils.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if ($_GET['return']) { - header("Location: /snort/snort_download_updates.php"); - exit; -} - -$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; -$snortdir = "/usr/local/etc/snort"; -$snortdir_wan = "/usr/local/etc/snort"; -$snort_filename_md5 = "{$snort_rules_file}.md5"; -$snort_filename = "{$snort_rules_file}"; -$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5"; -$emergingthreats_filename = "emerging.rules.tar.gz"; -$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; -$pfsense_rules_filename = "pfsense_rules.tar.gz"; - -/* Time stamps define */ -$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; -$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; - -/* define checks */ -$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; - -if ($snortdownload == 'off' && $emergingthreats != 'on') - $snort_emrging_info = 'stop'; - -if ($oinkid == "" && $snortdownload != 'off') - $snort_oinkid_info = 'stop'; - -/* check if main rule directory is empty */ -$if_mrule_dir = "/usr/local/etc/snort/rules"; -$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; - -if (file_exists('/var/run/snort.conf.dirty')) - $snort_dirty_d = 'stop'; - -$pgtitle = "Services: Snort: Update Rules"; - -include("head.inc"); -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<form action="/snort/snort_download_updates.php" method="GET"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td ><!-- progress bar --> - <table id="progholder" width='320' - style='border-collapse: collapse; border: 1px solid #000000;' - cellpadding='2' cellspacing='2'> - <tr> - <td><img border='0' - src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' - width='280' height='23' name='progressbar' id='progressbar' - alt='' /> - </td> - </tr> - </table> - <br /> - <!-- status box --> <textarea cols="60" rows="2" name="status" id="status" wrap="hard"> - <?=gettext("Initializing...");?> - </textarea> - <!-- command output box --> <textarea cols="60" rows="2" name="output" id="output" wrap="hard"> - </textarea> - </td> - </tr> - </table> - </div> - </td> -</tr> -<tr><td><input type="submit" Value="Return"></td></tr> -</table> -</form> -<?php include("fend.inc");?> -</body> -</html> - -<?php -/* Start of code */ -conf_mount_rw(); - -if (!is_dir('/usr/local/etc/snort/tmp')) - exec('/bin/mkdir -p /usr/local/etc/snort/tmp'); - -$snort_md5_check_ok = 'off'; -$emerg_md5_check_ok = 'off'; -$pfsense_md5_check_ok = 'off'; - -/* Set user agent to Mozilla */ -ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); -ini_set("memory_limit","150M"); - -/* mark the time update started */ -$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); - -/* send current buffer */ -ob_flush(); - -/* hide progress bar */ -hide_progress_bar_status(); - -/* send current buffer */ -ob_flush(); - -/* remove old $tmpfname files */ -if (is_dir("{$tmpfname}")) { - update_status(gettext("Removing old tmp files...")); - exec("/bin/rm -r {$tmpfname}"); - apc_clear_cache(); -} - -/* Make shure snortdir exits */ -exec("/bin/mkdir -p {$snortdir}"); -exec("/bin/mkdir -p {$snortdir}/rules"); -exec("/bin/mkdir -p {$snortdir}/signatures"); -exec("/bin/mkdir -p {$tmpfname}"); -exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/"); - -/* send current buffer */ -ob_flush(); - -/* unhide progress bar and lets end this party */ -unhide_progress_bar_status(); - -$pfsensedownload = 'on'; - -/* download md5 sig from snort.org */ -if ($snortdownload == 'on') -{ - if (file_exists("{$tmpfname}/{$snort_filename_md5}") && - filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { - update_status(gettext("snort.org md5 temp file exists...")); - } else { - update_status(gettext("Downloading snort.org md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - - //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); - $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); - @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image); - update_status(gettext("Done downloading snort.org md5")); - } -} - -/* download md5 sig from emergingthreats.net */ -if ($emergingthreats == 'on') -{ - update_status(gettext("Downloading emergingthreats md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5'); - @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image); - update_status(gettext("Done downloading emergingthreats md5")); -} - -/* download md5 sig from pfsense.org */ -if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - update_status(gettext("pfsense md5 temp file exists...")); -} else { - update_status(gettext("Downloading pfsense md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); - @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image); - update_status(gettext("Done downloading pfsense md5.")); -} - -/* If md5 file is empty wait 15min exit */ -if ($snortdownload == 'on') -{ - if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) - { - update_status(gettext("Please wait... You may only check for New Rules every 15 minutes...")); - update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time.")); - hide_progress_bar_status(); - $snortdownload = 'off'; - } -} - -/* If pfsense md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ - update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes...")); - update_output_window(gettext("Rules are released to support Pfsense packages.")); - hide_progress_bar_status(); - $pfsensedownload = 'off'; -} - -/* Check if were up to date snort.org */ -if ($snortdownload == 'on') -{ - if (file_exists("{$snortdir}/{$snort_filename_md5}")) - { - $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); - $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); - $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($md5_check_new == $md5_check_old) - { - update_status(gettext("Your rules are up to date...")); - update_output_window(gettext("You may start Snort now, check update.")); - hide_progress_bar_status(); - $snort_md5_check_ok = 'on'; - } else { - update_status(gettext("Your rules are not up to date...")); - $snort_md5_check_ok = 'off'; - } - } -} - -/* Check if were up to date emergingthreats.net */ -if ($emergingthreats == 'on') -{ - if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}")) - { - $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"); - $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}"); - $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($emerg_md5_check_new == $emerg_md5_check_old) - { - hide_progress_bar_status(); - $emerg_md5_check_ok = 'on'; - } else - $emerg_md5_check_ok = 'off'; - } -} - -/* Check if were up to date pfsense.org */ -if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) -{ - $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($pfsense_md5_check_new == $pfsense_md5_check_old) - { - hide_progress_bar_status(); - $pfsense_md5_check_ok = 'on'; - } else - $pfsense_md5_check_ok = 'off'; -} - -if ($snortdownload == 'on') { - if ($snort_md5_check_ok == 'on') - { - update_status(gettext("Your snort.org rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - $snortdownload = 'off'; - } -} -if ($emergingthreats == 'on') { - if ($emerg_md5_check_ok == 'on') - { - update_status(gettext("Your Emergingthreats rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - $emergingthreats = 'off'; - } -} - -/* download snortrules file */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Snortrule tar file exists...")); - } else { - unhide_progress_bar_status(); - update_status(gettext("There is a new set of Snort.org rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - if (150000 > filesize("{$tmpfname}/$snort_filename")){ - update_status(gettext("Error with the snort rules download...")); - - update_output_window(gettext("Snort rules file downloaded failed...")); - $snortdownload = 'off'; - } - } - } -} - -/* download emergingthreats rules file */ -if ($emergingthreats == "on") -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - update_status(gettext('Emergingthreats tar file exists...')); - }else{ - update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}"); - update_status(gettext('Done downloading Emergingthreats rules file.')); - } - } -} - -/* download pfsense rules file */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Snortrule tar file exists...")); - } else { - unhide_progress_bar_status(); - update_status(gettext("There is a new set of Pfsense rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - } -} - -/* Compair md5 sig to file sig */ - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk == on) { -//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md5 == $file_md5_ondisk) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...P is ON")); -// update_output_window(gettext("Error md5 Mismatch...")); -// return; -// } -//} - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk != on) { -//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; -//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md55 == $file_md5_ondisk2) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...Not P")); -// update_output_window(gettext("Error md5 Mismatch...")); -// return; -// } -//} - +<?php
+/*
+ snort_download_rules.php
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Setup enviroment */
+require_once("guiconfig.inc");
+require_once("functions.inc");
+require_once("service-utils.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if ($_GET['return']) {
+ header("Location: /snort/snort_download_updates.php");
+ exit;
+}
+
+$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
+$snortdir = "/usr/local/etc/snort";
+$snortdir_wan = "/usr/local/etc/snort";
+$snort_filename_md5 = "{$snort_rules_file}.md5";
+$snort_filename = "{$snort_rules_file}";
+$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";
+$emergingthreats_filename = "emerging.rules.tar.gz";
+$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
+$pfsense_rules_filename = "pfsense_rules.tar.gz";
+
+/* Time stamps define */
+$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
+$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
+
+/* define checks */
+$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+
+if ($snortdownload == 'off' && $emergingthreats != 'on')
+ $snort_emrging_info = 'stop';
+
+if ($oinkid == "" && $snortdownload != 'off')
+ $snort_oinkid_info = 'stop';
+
+/* check if main rule directory is empty */
+$if_mrule_dir = "/usr/local/etc/snort/rules";
+$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
+
+if (file_exists('/var/run/snort.conf.dirty'))
+ $snort_dirty_d = 'stop';
+
+$pgtitle = "Services: Snort: Update Rules";
+
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php include("fbegin.inc"); ?>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<form action="/snort/snort_download_updates.php" method="GET">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td ><!-- progress bar -->
+ <table id="progholder" width='320'
+ style='border-collapse: collapse; border: 1px solid #000000;'
+ cellpadding='2' cellspacing='2'>
+ <tr>
+ <td><img border='0'
+ src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif'
+ width='280' height='23' name='progressbar' id='progressbar'
+ alt='' />
+ </td>
+ </tr>
+ </table>
+ <br />
+ <!-- status box --> <textarea cols="60" rows="2" name="status" id="status" wrap="hard">
+ <?=gettext("Initializing...");?>
+ </textarea>
+ <!-- command output box --> <textarea cols="60" rows="2" name="output" id="output" wrap="hard">
+ </textarea>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+</tr>
+<tr><td><input type="submit" Value="Return"></td></tr>
+</table>
+</form>
+<?php include("fend.inc");?>
+</body>
+</html>
+
+<?php
+/* Start of code */
+conf_mount_rw();
+
+if (!is_dir('/usr/local/etc/snort/tmp'))
+ exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
+
+$snort_md5_check_ok = 'off';
+$emerg_md5_check_ok = 'off';
+$pfsense_md5_check_ok = 'off';
+
+/* Set user agent to Mozilla */
+ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ini_set("memory_limit","150M");
+
+/* mark the time update started */
+$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
+
+/* send current buffer */
+ob_flush();
+
+/* hide progress bar */
+hide_progress_bar_status();
+
+/* send current buffer */
+ob_flush();
+
+/* remove old $tmpfname files */
+if (is_dir("{$tmpfname}")) {
+ update_status(gettext("Removing old tmp files..."));
+ exec("/bin/rm -r {$tmpfname}");
+ apc_clear_cache();
+}
+
+/* Make shure snortdir exits */
+exec("/bin/mkdir -p {$snortdir}");
+exec("/bin/mkdir -p {$snortdir}/rules");
+exec("/bin/mkdir -p {$snortdir}/signatures");
+exec("/bin/mkdir -p {$tmpfname}");
+exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
+
+/* send current buffer */
+ob_flush();
+
+/* unhide progress bar and lets end this party */
+unhide_progress_bar_status();
+
+$pfsensedownload = 'on';
+
+/* download md5 sig from snort.org */
+if ($snortdownload == 'on')
+{
+ if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
+ filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
+ update_status(gettext("snort.org md5 temp file exists..."));
+ } else {
+ update_status(gettext("Downloading snort.org md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+
+ //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
+ $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
+ @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
+ update_status(gettext("Done downloading snort.org md5"));
+ }
+}
+
+/* download md5 sig from emergingthreats.net */
+if ($emergingthreats == 'on')
+{
+ update_status(gettext("Downloading emergingthreats md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
+ $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');
+ @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
+ update_status(gettext("Done downloading emergingthreats md5"));
+}
+
+/* download md5 sig from pfsense.org */
+if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
+ update_status(gettext("pfsense md5 temp file exists..."));
+} else {
+ update_status(gettext("Downloading pfsense md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
+ $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
+ @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image);
+ update_status(gettext("Done downloading pfsense md5."));
+}
+
+/* If md5 file is empty wait 15min exit */
+if ($snortdownload == 'on')
+{
+ if (0 == filesize("{$tmpfname}/{$snort_filename_md5}"))
+ {
+ update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
+ hide_progress_bar_status();
+ $snortdownload = 'off';
+ }
+}
+
+/* If pfsense md5 file is empty wait 15min exit */
+if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
+ update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released to support Pfsense packages."));
+ hide_progress_bar_status();
+ $pfsensedownload = 'off';
+}
+
+/* Check if were up to date snort.org */
+if ($snortdownload == 'on')
+{
+ if (file_exists("{$snortdir}/{$snort_filename_md5}"))
+ {
+ $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+ $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
+ $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($md5_check_new == $md5_check_old)
+ {
+ update_status(gettext("Your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now, check update."));
+ hide_progress_bar_status();
+ $snort_md5_check_ok = 'on';
+ } else {
+ update_status(gettext("Your rules are not up to date..."));
+ $snort_md5_check_ok = 'off';
+ }
+ }
+}
+
+/* Check if were up to date emergingthreats.net */
+if ($emergingthreats == 'on')
+{
+ if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}"))
+ {
+ $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
+ $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
+ $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($emerg_md5_check_new == $emerg_md5_check_old)
+ {
+ hide_progress_bar_status();
+ $emerg_md5_check_ok = 'on';
+ } else
+ $emerg_md5_check_ok = 'off';
+ }
+}
+
+/* Check if were up to date pfsense.org */
+if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
+{
+ $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($pfsense_md5_check_new == $pfsense_md5_check_old)
+ {
+ hide_progress_bar_status();
+ $pfsense_md5_check_ok = 'on';
+ } else
+ $pfsense_md5_check_ok = 'off';
+}
+
+if ($snortdownload == 'on') {
+ if ($snort_md5_check_ok == 'on')
+ {
+ update_status(gettext("Your snort.org rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ $snortdownload = 'off';
+ }
+}
+if ($emergingthreats == 'on') {
+ if ($emerg_md5_check_ok == 'on')
+ {
+ update_status(gettext("Your Emergingthreats rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ $emergingthreats = 'off';
+ }
+}
+
+/* download snortrules file */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+ } else {
+ unhide_progress_bar_status();
+ update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ if (150000 > filesize("{$tmpfname}/$snort_filename")){
+ update_status(gettext("Error with the snort rules download..."));
+
+ update_output_window(gettext("Snort rules file downloaded failed..."));
+ $snortdownload = 'off';
+ }
+ }
+ }
+}
+
+/* download emergingthreats rules file */
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ update_status(gettext('Emergingthreats tar file exists...'));
+ }else{
+ update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
+ update_status(gettext('Done downloading Emergingthreats rules file.'));
+ }
+ }
+}
+
+/* download pfsense rules file */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+ } else {
+ unhide_progress_bar_status();
+ update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ }
+}
+
+/* Compair md5 sig to file sig */
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk == on) {
+//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md5 == $file_md5_ondisk) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// return;
+// }
+//}
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk != on) {
+//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
+//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md55 == $file_md5_ondisk2) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// return;
+// }
+//}
+
/* Untar snort rules file individually to help people with low system specs */
if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
@@ -486,291 +486,291 @@ if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') { update_output_window(gettext("Error Line 755"));
$snortdownload = 'off';
}
-} - -/* Untar emergingthreats rules to tmp */ -if ($emergingthreats == 'on') -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - update_status(gettext("Extracting rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); - } - } -} - -/* Untar Pfsense rules to tmp */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Extracting Pfsense rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); - } -} - -/* Untar snort signatures */ -if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; - if ($premium_url_chk == 'on') { - update_status(gettext("Extracting Signatures...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - update_status(gettext("Done extracting Signatures.")); - } - } -} - -/* Copy md5 sig to snort dir */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/$snort_filename_md5")) { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); - }else{ - update_status(gettext("The md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $snortdownload = 'off'; - } - } -} - -/* Copy emergingthreats md5 sig to snort dir */ -if ($emergingthreats == "on") -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) - { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); - }else{ - update_status(gettext("The emergingthreats md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $emergingthreats = 'off'; - } - } -} - -/* Copy Pfsense md5 sig to snort dir */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - update_status(gettext("Copying Pfsense md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); - } else { - update_status(gettext("The Pfsense md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $pfsensedownload = 'off'; - } -} - -/* Copy signatures dir to snort dir */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') - { - $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; - if ($premium_url_chk == 'on') - { - if (file_exists("{$snortdir}/doc/signatures")) { - update_status(gettext("Copying signatures...")); - update_output_window(gettext("May take a while...")); - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - update_status(gettext("Done copying signatures.")); - }else{ - update_status(gettext("Directory signatures exist...")); - update_output_window(gettext("Error copying signature...")); - $snortdownload = 'off'; - } - } - } -} - -/* double make shure cleanup emerg rules that dont belong */ -if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) { - apc_clear_cache(); - @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules"); -} - -if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); -} - -/* make shure default rules are in the right format */ +}
+
+/* Untar emergingthreats rules to tmp */
+if ($emergingthreats == 'on')
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ update_status(gettext("Extracting rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
+ }
+ }
+}
+
+/* Untar Pfsense rules to tmp */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Extracting Pfsense rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
+ }
+}
+
+/* Untar snort signatures */
+if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == 'on') {
+ update_status(gettext("Extracting Signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
+ update_status(gettext("Done extracting Signatures."));
+ }
+ }
+}
+
+/* Copy md5 sig to snort dir */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+ }else{
+ update_status(gettext("The md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $snortdownload = 'off';
+ }
+ }
+}
+
+/* Copy emergingthreats md5 sig to snort dir */
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
+ {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
+ }else{
+ update_status(gettext("The emergingthreats md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $emergingthreats = 'off';
+ }
+ }
+}
+
+/* Copy Pfsense md5 sig to snort dir */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
+ update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
+ } else {
+ update_status(gettext("The Pfsense md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $pfsensedownload = 'off';
+ }
+}
+
+/* Copy signatures dir to snort dir */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on')
+ {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == 'on')
+ {
+ if (file_exists("{$snortdir}/doc/signatures")) {
+ update_status(gettext("Copying signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/rm -r {$snortdir}/doc/signatures");
+ update_status(gettext("Done copying signatures."));
+ }else{
+ update_status(gettext("Directory signatures exist..."));
+ update_output_window(gettext("Error copying signature..."));
+ $snortdownload = 'off';
+ }
+ }
+ }
+}
+
+/* double make shure cleanup emerg rules that dont belong */
+if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
+ apc_clear_cache();
+ @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
+}
+
+if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+}
+
+/* make shure default rules are in the right format */
exec("/usr/bin/sed -i '' 's/^[ \t]*//' /usr/local/etc/snort/rules/*.rules"); // remove white spaces from begining of line
exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' /usr/local/etc/snort/rules/*.rules"); - -/* create a msg-map for snort */ -update_status(gettext("Updating Alert Messages...")); -update_output_window(gettext("Please Wait...")); -exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map"); - - -////////////////// - -/* open oinkmaster_conf for writing" function */ -function oinkmaster_conf($id, $if_real, $iface_uuid) -{ - global $config, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - - @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf"); - - /* enable disable setting will carry over with updates */ - /* TODO carry signature changes with the updates */ - if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { - - $selected_sid_on_sections = ""; - $selected_sid_off_sections = ""; - - if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { - $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']); - $enabled_sid_on_array = split('\|\|', $enabled_sid_on); - foreach($enabled_sid_on_array as $enabled_item_on) - $selected_sid_on_sections .= "$enabled_item_on\n"; - } - - if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { - $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']); - $enabled_sid_off_array = split('\|\|', $enabled_sid_off); - foreach($enabled_sid_off_array as $enabled_item_off) - $selected_sid_off_sections .= "$enabled_item_off\n"; - } - - if (!empty($selected_sid_on_sections) || !empty($selected_sid_off_sections)) { - $snort_sid_text = <<<EOD - -########################################### -# # -# this is auto generated on snort updates # -# # -########################################### - -path = /bin:/usr/bin:/usr/local/bin - -update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ - -url = dir:///usr/local/etc/snort/rules - -$selected_sid_on_sections - -$selected_sid_off_sections - -EOD; - - /* open snort's oinkmaster.conf for writing */ - @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text); - } - } -} - -/* Run oinkmaster to snort_wan and cp configs */ -/* If oinkmaster is not needed cp rules normally */ -/* TODO add per interface settings here */ -function oinkmaster_run($id, $if_real, $iface_uuid) -{ - global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - - if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { - if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { - update_status(gettext("Your first set of rules are being copied...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - } else { - update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); - } - } -} - -/* Start the proccess for every interface rule */ -/* TODO: try to make the code smother */ -if (is_array($config['installedpackages']['snortglobal']['rule'])) -{ - foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - $iface_uuid = $value['uuid']; - - /* make oinkmaster.conf for each interface rule */ - oinkmaster_conf($id, $if_real, $iface_uuid); - - /* run oinkmaster for each interface rule */ - oinkmaster_run($id, $if_real, $iface_uuid); - } -} - -////////////// - -/* mark the time update finnished */ -$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); - -/* remove old $tmpfname files */ -if (is_dir('/usr/local/etc/snort/tmp')) { - update_status(gettext("Cleaning up...")); - exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up"); - sleep(2); - exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk"); -} - -/* XXX: These are needed if snort is run as snort user -mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true); -mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true); -mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true); -*/ -/* make all dirs snorts */ -mwexec("/bin/chmod -R 755 /var/log/snort", true); -mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true); -mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true); - -/* hide progress bar and lets end this party */ -hide_progress_bar_status(); - -if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off') - update_output_window(gettext("Finished...")); -else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on') - update_output_window(gettext("Finished...")); -else { - /* You are Not Up to date, always stop snort when updating rules for low end machines */; - update_status(gettext("You are NOT up to date...")); - exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); - update_status(gettext("The Rules update finished...")); - update_output_window(gettext("Snort has restarted with your new set of rules...")); - exec("/bin/rm /tmp/snort_download_halt.pid"); -} - -update_status(gettext("The Rules update finished...")); -conf_mount_ro(); - -?> +exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
+
+/* create a msg-map for snort */
+update_status(gettext("Updating Alert Messages..."));
+update_output_window(gettext("Please Wait..."));
+exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
+
+
+//////////////////
+
+/* open oinkmaster_conf for writing" function */
+function oinkmaster_conf($id, $if_real, $iface_uuid)
+{
+ global $config, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+ @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
+
+ /* enable disable setting will carry over with updates */
+ /* TODO carry signature changes with the updates */
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+
+ $selected_sid_on_sections = "";
+ $selected_sid_off_sections = "";
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
+ $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
+ $enabled_sid_on_array = split('\|\|', $enabled_sid_on);
+ foreach($enabled_sid_on_array as $enabled_item_on)
+ $selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
+ $enabled_sid_off_array = split('\|\|', $enabled_sid_off);
+ foreach($enabled_sid_off_array as $enabled_item_off)
+ $selected_sid_off_sections .= "$enabled_item_off\n";
+ }
+
+ if (!empty($selected_sid_on_sections) || !empty($selected_sid_off_sections)) {
+ $snort_sid_text = <<<EOD
+
+###########################################
+# #
+# this is auto generated on snort updates #
+# #
+###########################################
+
+path = /bin:/usr/bin:/usr/local/bin
+
+update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
+
+url = dir:///usr/local/etc/snort/rules
+
+$selected_sid_on_sections
+
+$selected_sid_off_sections
+
+EOD;
+
+ /* open snort's oinkmaster.conf for writing */
+ @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
+ }
+ }
+}
+
+/* Run oinkmaster to snort_wan and cp configs */
+/* If oinkmaster is not needed cp rules normally */
+/* TODO add per interface settings here */
+function oinkmaster_run($id, $if_real, $iface_uuid)
+{
+ global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+ if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ update_status(gettext("Your first set of rules are being copied..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ } else {
+ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
+ }
+ }
+}
+
+/* Start the proccess for every interface rule */
+/* TODO: try to make the code smother */
+if (is_array($config['installedpackages']['snortglobal']['rule']))
+{
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
+ $result_lan = $value['interface'];
+ $if_real = snort_get_real_interface($result_lan);
+ $iface_uuid = $value['uuid'];
+
+ /* make oinkmaster.conf for each interface rule */
+ oinkmaster_conf($id, $if_real, $iface_uuid);
+
+ /* run oinkmaster for each interface rule */
+ oinkmaster_run($id, $if_real, $iface_uuid);
+ }
+}
+
+//////////////
+
+/* mark the time update finnished */
+$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
+
+/* remove old $tmpfname files */
+if (is_dir('/usr/local/etc/snort/tmp')) {
+ update_status(gettext("Cleaning up..."));
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
+ sleep(2);
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
+}
+
+/* XXX: These are needed if snort is run as snort user
+mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);
+*/
+/* make all dirs snorts */
+mwexec("/bin/chmod -R 755 /var/log/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);
+
+/* hide progress bar and lets end this party */
+hide_progress_bar_status();
+
+if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')
+ update_output_window(gettext("Finished..."));
+else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on')
+ update_output_window(gettext("Finished..."));
+else {
+ /* You are Not Up to date, always stop snort when updating rules for low end machines */;
+ update_status(gettext("You are NOT up to date..."));
+ exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
+ update_status(gettext("The Rules update finished..."));
+ update_output_window(gettext("Snort has restarted with your new set of rules..."));
+ exec("/bin/rm /tmp/snort_download_halt.pid");
+}
+
+update_status(gettext("The Rules update finished..."));
+conf_mount_ro();
+
+?>
diff --git a/config/snort-dev/snort_download_updates.php b/config/snort-dev/snort_download_updates.php index e902cd64..22b8fcba 100644 --- a/config/snort-dev/snort_download_updates.php +++ b/config/snort-dev/snort_download_updates.php @@ -1,322 +1,322 @@ -<?php -/* - snort_download_updates.php - part of pfSense - Copyright (C) 2004 Scott Ullrich - Copyright (C) 2011 Ermal Luci - All rights reserved. - - part of m0n0wall as reboot.php (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -/* load only javascript that is needed */ -$snort_load_jquery = 'yes'; -$snort_load_jquery_colorbox = 'yes'; - - -/* quick md5s chk */ -$snort_org_sig_chk_local = 'N/A'; -if (file_exists("/usr/local/etc/snort/{$snort_rules_file}.md5")) - $snort_org_sig_chk_local = exec("/bin/cat /usr/local/etc/snort/{$snort_rules_file}.md5"); - -$emergingt_net_sig_chk_local = 'N/A'; -if(file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5')) - $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/emerging.rules.tar.gz.md5'); - -$pfsense_org_sig_chk_local = 'N/A'; -if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5')) - $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5'); - -/* define checks */ -$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; - -if ($snortdownload != 'on' && $emergingthreats != 'on') - $snort_emrging_info = 'stop'; - -if ($oinkid == '' && $snortdownload != 'off') - $snort_oinkid_info = 'stop'; - -if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop') - $error_stop = 'true'; - -/* check if main rule directory is empty */ -$if_mrule_dir = "/usr/local/etc/snort/rules"; -$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; - -/* check for logfile */ -$update_logfile_chk = 'no'; -if (file_exists('/usr/local/etc/snort/snort_update.log')) - $update_logfile_chk = 'yes'; - -header("snort_help_info.php"); -header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" ); -header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" ); -header( "Cache-Control: no-cache, must-revalidate" ); -header( "Pragma: no-cache" ); - - -$pgtitle = "Services: Snort: Updates"; -include_once("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php -echo "{$snort_general_css}\n"; -echo "$snort_interfaces_css\n"; -?> - -<?php include("fbegin.inc"); ?> - -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), true, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td> - <div id="mainarea3"> - <table id="maintable4" class="tabcont" width="100%" border="0" - cellpadding="0" cellspacing="0"> - <tr> - <td><!-- grey line --> - <table height="12px" width="725px" border="0" cellpadding="5px" - cellspacing="0"> - <tr> - <td style='background-color: #eeeeee'> - <div height="12px" width="725px" style='background-color: #dddddd'> - </div> - </td> - </tr> - </table> - - <br> - - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> - <tr> - <td id="download_rules_td" style="background-color: #eeeeee"> - <div height="32" width="725px" style="background-color: #eeeeee"> - - <font color="#777777" size="1.5px"><b>INSTALLED SIGNATURE RULESET</b></font><br> - <br> - <p style="text-align: left; margin-left: 225px;"><font - color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font><font - size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br> - <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font><font - size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br> - <font color="#FF850A" size="1px"><b>PFSENSE.ORG >>></b></font><font - size="1px" color="#000000"> <? echo $pfsense_org_sig_chk_local; ?></font><br> - </p> - - </div> - </td> - </tr> - </table> - - <br> - - <!-- grey line --> - <table height="12px" width="725px" border="0" cellpadding="5px" - cellspacing="0"> - <tr> - <td style='background-color: #eeeeee'> - <div height="12px" width="725px" style='background-color: #eeeeee'> - </div> - </td> - </tr> - </table> - - <br> - - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> - <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'> - - <font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br> - <br> - - <?php - - if ($error_stop == 'true') { - echo ' - - <button class="sexybutton disabled" disabled="disabled"><span class="download">Update Rules </span></button><br/> - <p style="text-align:left; margin-left:150px;"> - <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> No rule types have been selected for download. "Global Settings Tab"</font><br>'; - - if ($mfolder_chk == 'empty') { - - echo ' - <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font>' ."\n"; - } - - echo '</p>' . "\n"; - - }else{ - - echo ' - - <a href="/snort/snort_download_rules.php"><button class="sexybutton disabled"><span class="download">Update Rules </span></button></a><br/>' . "\n"; - - if ($mfolder_chk == 'empty') { - - echo ' - <p style="text-align:left; margin-left:150px;"> - <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font> - </p>'; - } - - } - - ?> <br> - - </div> - </td> - </tr> - </table> - - <br> - - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> - <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'> - - <font color='#777777' size='1.5px'><b>VIEW UPDATE LOG</b></font><br> - <br> - - <?php - - if ($update_logfile_chk == 'yes') { - echo ' - <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n"; - }else{ - echo ' - <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n"; - } - - ?> <br> - <br> - - </div> - </td> - </tr> - </table> - - <br> - - <table height="12px" width="725px" border="0" cellpadding="5px" - cellspacing="0"> - <tr> - <td style='background-color: #eeeeee'> - <div height="12px" width="725px" style='background-color: #eeeeee'> - </div> - </td> - </tr> - </table> - - <br> - - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> - <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'> - - <img style='vertical-align: middle' - src="/snort/images/icon_excli.png" width="40" height="32"> <font - color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px' - color='#000000'> Snort.org and Emergingthreats.net - will go down from time to time. Please be patient.</font></div> - </td> - </tr> - </table> - - <br> - - <table height="12px" width="725px" border="0" cellpadding="5px" - cellspacing="0"> - <tr> - <td style='background-color: #eeeeee'> - <div height="12px" width="725px" style='background-color: #eeeeee'> - </div> - </td> - </tr> - </table> - - </td> - </tr> - </table> - </div> - - - - - - <br> - </td> - </tr> -</table> -<!-- end of final table --></div> - -<?php include("fend.inc"); ?> - -<?php echo "$snort_custom_rnd_box\n"; ?> - -</body> -</html> +<?php
+/*
+ snort_download_updates.php
+ part of pfSense
+ Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ part of m0n0wall as reboot.php (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+/* load only javascript that is needed */
+$snort_load_jquery = 'yes';
+$snort_load_jquery_colorbox = 'yes';
+
+
+/* quick md5s chk */
+$snort_org_sig_chk_local = 'N/A';
+if (file_exists("/usr/local/etc/snort/{$snort_rules_file}.md5"))
+ $snort_org_sig_chk_local = exec("/bin/cat /usr/local/etc/snort/{$snort_rules_file}.md5");
+
+$emergingt_net_sig_chk_local = 'N/A';
+if(file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5'))
+ $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/emerging.rules.tar.gz.md5');
+
+$pfsense_org_sig_chk_local = 'N/A';
+if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5'))
+ $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5');
+
+/* define checks */
+$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+
+if ($snortdownload != 'on' && $emergingthreats != 'on')
+ $snort_emrging_info = 'stop';
+
+if ($oinkid == '' && $snortdownload != 'off')
+ $snort_oinkid_info = 'stop';
+
+if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop')
+ $error_stop = 'true';
+
+/* check if main rule directory is empty */
+$if_mrule_dir = "/usr/local/etc/snort/rules";
+$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
+
+/* check for logfile */
+$update_logfile_chk = 'no';
+if (file_exists('/usr/local/etc/snort/snort_update.log'))
+ $update_logfile_chk = 'yes';
+
+header("snort_help_info.php");
+header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" );
+header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" );
+header( "Cache-Control: no-cache, must-revalidate" );
+header( "Pragma: no-cache" );
+
+
+$pgtitle = "Services: Snort: Updates";
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+echo "{$snort_general_css}\n";
+echo "$snort_interfaces_css\n";
+?>
+
+<?php include("fbegin.inc"); ?>
+
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), true, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
+ <div id="mainarea3">
+ <table id="maintable4" class="tabcont" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td><!-- grey line -->
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #dddddd'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style="background-color: #eeeeee">
+ <div height="32" width="725px" style="background-color: #eeeeee">
+
+ <font color="#777777" size="1.5px"><b>INSTALLED SIGNATURE RULESET</b></font><br>
+ <br>
+ <p style="text-align: left; margin-left: 225px;"><font
+ color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font><font
+ size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br>
+ <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font><font
+ size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br>
+ <font color="#FF850A" size="1px"><b>PFSENSE.ORG >>></b></font><font
+ size="1px" color="#000000"> <? echo $pfsense_org_sig_chk_local; ?></font><br>
+ </p>
+
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <!-- grey line -->
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
+
+ <font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br>
+ <br>
+
+ <?php
+
+ if ($error_stop == 'true') {
+ echo '
+
+ <button class="sexybutton disabled" disabled="disabled"><span class="download">Update Rules </span></button><br/>
+ <p style="text-align:left; margin-left:150px;">
+ <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> No rule types have been selected for download. "Global Settings Tab"</font><br>';
+
+ if ($mfolder_chk == 'empty') {
+
+ echo '
+ <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font>' ."\n";
+ }
+
+ echo '</p>' . "\n";
+
+ }else{
+
+ echo '
+
+ <a href="/snort/snort_download_rules.php"><button class="sexybutton disabled"><span class="download">Update Rules </span></button></a><br/>' . "\n";
+
+ if ($mfolder_chk == 'empty') {
+
+ echo '
+ <p style="text-align:left; margin-left:150px;">
+ <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font>
+ </p>';
+ }
+
+ }
+
+ ?> <br>
+
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
+
+ <font color='#777777' size='1.5px'><b>VIEW UPDATE LOG</b></font><br>
+ <br>
+
+ <?php
+
+ if ($update_logfile_chk == 'yes') {
+ echo '
+ <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n";
+ }else{
+ echo '
+ <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n";
+ }
+
+ ?> <br>
+ <br>
+
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
+
+ <img style='vertical-align: middle'
+ src="/snort/images/icon_excli.png" width="40" height="32"> <font
+ color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px'
+ color='#000000'> Snort.org and Emergingthreats.net
+ will go down from time to time. Please be patient.</font></div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ </td>
+ </tr>
+ </table>
+ </div>
+
+
+
+
+
+ <br>
+ </td>
+ </tr>
+</table>
+<!-- end of final table --></div>
+
+<?php include("fend.inc"); ?>
+
+<?php echo "$snort_custom_rnd_box\n"; ?>
+
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index 86a9aff6..a9d9f99b 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -1,437 +1,448 @@ -<?php -/* $Id$ */ -/* - -originally part of m0n0wall (http://m0n0.ch/wall) -Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. -Copyright (C) 2008-2009 Robert Zelaya. -Copyright (C) 2011 Ermal Luci -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, -this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. -*/ - -$nocsrf = true; -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; -$id_gen = count($config['installedpackages']['snortglobal']['rule']); - -if (isset($_POST['del_x'])) { - /* delete selected rules */ - if (is_array($_POST['rule'])) { - conf_mount_rw(); - foreach ($_POST['rule'] as $rulei) { - - /* convert fake interfaces to real */ - $if_real = snort_get_real_interface($a_nat[$rulei]['interface']); - $snort_uuid = $a_nat[$rulei]['uuid']; - - Running_Stop($snort_uuid,$if_real, $rulei); - - unset($a_nat[$rulei]); - } - conf_mount_ro(); - - write_config(); - sleep(2); - - /* if there are no ifaces do not create snort.sh */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) - create_snort_sh(); - else { - conf_mount_rw(); - exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); - conf_mount_ro(); - } - - sync_snort_package_config(); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces.php"); - exit; - } - -} - - -/* start/stop snort */ -if ($_GET['act'] == 'toggle' && is_numeric($id)) { - - $if_real = snort_get_real_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'"); - - sync_snort_package_config(); - - $tester2 = Running_Ck($snort_uuid, $if_real, $id); - - if ($tester2 == 'yes') { - Running_Stop($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - - } else { - Running_Start($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - } - sleep(4); // So the GUI reports correctly - header("Location: /snort/snort_interfaces.php"); - exit; -} - - -$pgtitle = "Services: $snort_package_version"; -include_once("head.inc"); - -?> -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php -echo "{$snort_general_css}\n"; -echo "$snort_interfaces_css\n"; - -include_once("fbegin.inc"); -if ($pfsense_stable == 'yes') - echo '<p class="pgtitle">' . $pgtitle . '</p>'; -?> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - -<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<?php - /* Display Alert message */ - if ($input_errors) - print_input_errors($input_errors); // TODO: add checks - - if ($savemsg) - print_info_box2($savemsg); - - //if (file_exists($d_snortconfdirty_path)) { - if ($d_snortconfdirty_path_ls != '') { - echo '<p>'; - - if($savemsg) - print_info_box_np2("{$savemsg}"); - else { - print_info_box_np2(' - The Snort configuration has changed for one or more interfaces.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td> - <div id="mainarea2"> - <table class="tabcont" width="100%" border="0" cellpadding="0" - cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="list"> </td> - <td width="1%" class="list"> </td> - <td width="10%" class="listhdrr">If</td> - <td width="10%" class="listhdrr">Snort</td> - <td width="10%" class="listhdrr">Performance</td> - <td width="10%" class="listhdrr">Block</td> - <td width="10%" class="listhdrr">Barnyard2</td> - <td width="50%" class="listhdr">Description</td> - <td width="3%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?> - <tr valign="top" id="fr<?=$nnats;?>"> - <?php - - /* convert fake interfaces to real and check if iface is up */ - /* There has to be a smarter way to do this */ - $if_real = snort_get_real_interface($natent['interface']); - $snort_uuid = $natent['uuid']; - - $tester2 = Running_Ck($snort_uuid, $if_real, $id); - - if ($tester2 == 'no') { - $iconfn = 'pass'; - $class_color_up = 'listbg'; - }else{ - $class_color_up = 'listbg2'; - $iconfn = 'block'; - } - - ?> - <td class="listt"> - <a href="?act=toggle&id=<?=$i;?>"> - <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" - width="13" height="13" border="0" - title="click to toggle start/stop snort"></a> - <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td> - <td class="listt" align="center"></td> - <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" - id="frd<?=$nnats;?>" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - echo snort_get_friendly_interface($natent['interface']); - ?></td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" - id="frd<?=$nnats;?>" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable']; - if ($check_snort_info == "on") - { - $check_snort = enabled; - } else { - $check_snort = disabled; - } - ?> <?=strtoupper($check_snort);?></td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" - id="frd<?=$nnats;?>" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance']; - if ($check_performance_info != "") { - $check_performance = $check_performance_info; - }else{ - $check_performance = "lowmem"; - } - ?> <?=strtoupper($check_performance);?></td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" - id="frd<?=$nnats;?>" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7']; - if ($check_blockoffenders_info == "on") - { - $check_blockoffenders = enabled; - } else { - $check_blockoffenders = disabled; - } - ?> <?=strtoupper($check_blockoffenders);?></td> - <?php - - $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id); - - if ($color2_upb == 'yes') { - $class_color_upb = 'listbg2'; - }else{ - $class_color_upb = 'listbg'; - } - - ?> - <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)" - id="frd<?=$nnats;?>" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable']; - if ($check_snortbarnyardlog_info == "on") - { - $check_snortbarnyardlog = strtoupper(enabled); - }else{ - $check_snortbarnyardlog = strtoupper(disabled); - } - ?> <?php echo "$check_snortbarnyardlog";?></td> - <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?> - </td> - <td valign="middle" class="list" nowrap> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="edit rule"></a></td> - </tr> - </table> - - </tr> - <?php $i++; $nnats++; endforeach; ?> - <tr> - <td class="list" colspan="8"></td> - <td class="list" valign="middle" nowrap> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><?php if ($nnats == 0): ?><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" - width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input - name="del" type="image" - src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" title="delete selected mappings" - onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td> - </tr> - </table> - </td> - </tr> - </table> - </div> - </td> - </tr> -</table> - -<br> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <div id="mainarea4"> - <table class="tabcont" width="100%" border="0" cellpadding="0" - cellspacing="0"> - <tr id="frheader"> - <td width="100%"><span class="red"><strong>Note:</strong></span> <br> - This is the <strong>Snort Menu</strong> where you can see an over - view of all your interface settings. <br> - Please edit the <strong>Global Settings</strong> tab before adding - an interface. <br> - <br> - <span class="red"><strong>Warning:</strong></span> <br> - <strong>New settings will not take effect until interface restart.</strong> - <br> - <br> - <strong>Click</strong> on the <img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="Add Icon"> icon to add a - interface.<strong> Click</strong> - on the <img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" - width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> - snort and barnyard2. <br> - <strong>Click</strong> on the <img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="Edit Icon"> icon to edit a - interface and settings.<strong> Click</strong> - on the <img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" - width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> - snort and barnyard2. <br> - <strong> Click</strong> on the <img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="Delete Icon"> icon to - delete a interface and settings.</td> - </tr> - </table> - </div> - - </tr> - </td> -</table> - - <?php - if ($pkg['tabs'] <> "") { - echo "</td></tr></table>"; - } - ?></form> -</div> - -<br> -<br> -<br> - -<style type="text/css"> -#footer2 { - position: relative; - background-color: transparent; - background-image: url("./images/logo22.png"); - background-repeat: no-repeat; - background-attachment: scroll; - background-position: 0% 0%; - top: 10px; - left: 0px; - width: 770px; - height: 60px; - color: #000000; - text-align: center; - font-size: 0.8em; - padding-top: 40px; - margin-bottom: -35px; - clear: both; -} -</style> - -<div id="footer2">SNORT registered � by Sourcefire, Inc, Barnyard2 -registered � by securixlive.com, Orion registered � by Robert Zelaya, -Emergingthreats registered � by emergingthreats.net, Mysql registered � -by Mysql.com</div> -<!-- Footer DIV --> - - <?php - - include("fend.inc"); - - echo $snort_custom_rnd_box; - - ?> - - - -</body> -</html> +<?php
+/* $Id$ */
+/*
+
+originally part of m0n0wall (http://m0n0.ch/wall)
+Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+Copyright (C) 2008-2009 Robert Zelaya.
+Copyright (C) 2011 Ermal Luci
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$nocsrf = true;
+require_once("/usr/local/www/guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+$id_gen = count($config['installedpackages']['snortglobal']['rule']);
+
+if (isset($_POST['del_x'])) {
+ /* delete selected rules */
+ if (is_array($_POST['rule'])) {
+ conf_mount_rw();
+ foreach ($_POST['rule'] as $rulei) {
+
+ /* convert fake interfaces to real */
+ $if_real = snort_get_real_interface($a_nat[$rulei]['interface']);
+ $snort_uuid = $a_nat[$rulei]['uuid'];
+
+ Running_Stop($snort_uuid,$if_real, $rulei);
+
+ /* delete iface rule dirs */
+ if (file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) {
+ exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ }
+ if (file_exists("/var/log/snort/{$snort_uuid}_{$if_real}")) {
+ exec("/bin/rm -r /var/log/snort/{$snort_uuid}_{$if_real}");
+ }
+ if (file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}")) {
+ exec("/bin/rm -r /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}");
+ }
+
+ unset($a_nat[$rulei]);
+ }
+ conf_mount_ro();
+
+ write_config();
+ sleep(2);
+
+ /* if there are no ifaces do not create snort.sh */
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
+ create_snort_sh();
+ else {
+ conf_mount_rw();
+ exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
+ conf_mount_ro();
+ }
+
+ sync_snort_package_config();
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+ }
+
+}
+
+
+/* start/stop snort */
+if ($_GET['act'] == 'toggle' && is_numeric($id)) {
+
+ $if_real = snort_get_real_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+
+ /* Log Iface stop */
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'");
+
+ sync_snort_package_config();
+
+ $tester2 = Running_Ck($snort_uuid, $if_real, $id);
+
+ if ($tester2 == 'yes') {
+ Running_Stop($snort_uuid, $if_real, $id);
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+
+ } else {
+ Running_Start($snort_uuid, $if_real, $id);
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ }
+ sleep(4); // So the GUI reports correctly
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+
+$pgtitle = "Services: $snort_package_version";
+include_once("head.inc");
+
+?>
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+echo "{$snort_general_css}\n";
+echo "$snort_interfaces_css\n";
+
+include_once("fbegin.inc");
+if ($pfsense_stable == 'yes')
+ echo '<p class="pgtitle">' . $pgtitle . '</p>';
+?>
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<?php
+ /* Display Alert message */
+ if ($input_errors)
+ print_input_errors($input_errors); // TODO: add checks
+
+ if ($savemsg)
+ print_info_box2($savemsg);
+
+ //if (file_exists($d_snortconfdirty_path)) {
+ if ($d_snortconfdirty_path_ls != '') {
+ echo '<p>';
+
+ if($savemsg)
+ print_info_box_np2("{$savemsg}");
+ else {
+ print_info_box_np2('
+ The Snort configuration has changed for one or more interfaces.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
+ <div id="mainarea2">
+ <table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="list"> </td>
+ <td width="1%" class="list"> </td>
+ <td width="10%" class="listhdrr">If</td>
+ <td width="10%" class="listhdrr">Snort</td>
+ <td width="10%" class="listhdrr">Performance</td>
+ <td width="10%" class="listhdrr">Block</td>
+ <td width="10%" class="listhdrr">Barnyard2</td>
+ <td width="50%" class="listhdr">Description</td>
+ <td width="3%" class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17"></td>
+ <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
+ <tr valign="top" id="fr<?=$nnats;?>">
+ <?php
+
+ /* convert fake interfaces to real and check if iface is up */
+ /* There has to be a smarter way to do this */
+ $if_real = snort_get_real_interface($natent['interface']);
+ $snort_uuid = $natent['uuid'];
+
+ $tester2 = Running_Ck($snort_uuid, $if_real, $id);
+
+ if ($tester2 == 'no') {
+ $iconfn = 'pass';
+ $class_color_up = 'listbg';
+ }else{
+ $class_color_up = 'listbg2';
+ $iconfn = 'block';
+ }
+
+ ?>
+ <td class="listt">
+ <a href="?act=toggle&id=<?=$i;?>">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif"
+ width="13" height="13" border="0"
+ title="click to toggle start/stop snort"></a>
+ <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td>
+ <td class="listt" align="center"></td>
+ <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ echo snort_get_friendly_interface($natent['interface']);
+ ?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable'];
+ if ($check_snort_info == "on")
+ {
+ $check_snort = enabled;
+ } else {
+ $check_snort = disabled;
+ }
+ ?> <?=strtoupper($check_snort);?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance'];
+ if ($check_performance_info != "") {
+ $check_performance = $check_performance_info;
+ }else{
+ $check_performance = "lowmem";
+ }
+ ?> <?=strtoupper($check_performance);?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7'];
+ if ($check_blockoffenders_info == "on")
+ {
+ $check_blockoffenders = enabled;
+ } else {
+ $check_blockoffenders = disabled;
+ }
+ ?> <?=strtoupper($check_blockoffenders);?></td>
+ <?php
+
+ $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id);
+
+ if ($color2_upb == 'yes') {
+ $class_color_upb = 'listbg2';
+ }else{
+ $class_color_upb = 'listbg';
+ }
+
+ ?>
+ <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable'];
+ if ($check_snortbarnyardlog_info == "on")
+ {
+ $check_snortbarnyardlog = strtoupper(enabled);
+ }else{
+ $check_snortbarnyardlog = strtoupper(disabled);
+ }
+ ?> <?php echo "$check_snortbarnyardlog";?></td>
+ <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>
+ </td>
+ <td valign="middle" class="list" nowrap>
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="edit rule"></a></td>
+ </tr>
+ </table>
+
+ </tr>
+ <?php $i++; $nnats++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="8"></td>
+ <td class="list" valign="middle" nowrap>
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><?php if ($nnats == 0): ?><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
+ width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input
+ name="del" type="image"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" title="delete selected mappings"
+ onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+
+<br>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <div id="mainarea4">
+ <table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <tr id="frheader">
+ <td width="100%"><span class="red"><strong>Note:</strong></span> <br>
+ This is the <strong>Snort Menu</strong> where you can see an over
+ view of all your interface settings. <br>
+ Please edit the <strong>Global Settings</strong> tab before adding
+ an interface. <br>
+ <br>
+ <span class="red"><strong>Warning:</strong></span> <br>
+ <strong>New settings will not take effect until interface restart.</strong>
+ <br>
+ <br>
+ <strong>Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="Add Icon"> icon to add a
+ interface.<strong> Click</strong>
+ on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif"
+ width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong>
+ snort and barnyard2. <br>
+ <strong>Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="Edit Icon"> icon to edit a
+ interface and settings.<strong> Click</strong>
+ on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
+ width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong>
+ snort and barnyard2. <br>
+ <strong> Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="Delete Icon"> icon to
+ delete a interface and settings.</td>
+ </tr>
+ </table>
+ </div>
+
+ </tr>
+ </td>
+</table>
+
+ <?php
+ if ($pkg['tabs'] <> "") {
+ echo "</td></tr></table>";
+ }
+ ?></form>
+</div>
+
+<br>
+<br>
+<br>
+
+<style type="text/css">
+#footer2 {
+ position: relative;
+ background-color: transparent;
+ background-image: url("./images/logo22.png");
+ background-repeat: no-repeat;
+ background-attachment: scroll;
+ background-position: 0% 0%;
+ top: 10px;
+ left: 0px;
+ width: 770px;
+ height: 60px;
+ color: #000000;
+ text-align: center;
+ font-size: 0.8em;
+ padding-top: 40px;
+ margin-bottom: -35px;
+ clear: both;
+}
+</style>
+
+<div id="footer2">SNORT registered � by Sourcefire, Inc, Barnyard2
+registered � by securixlive.com, Orion registered � by Robert Zelaya,
+Emergingthreats registered � by emergingthreats.net, Mysql registered �
+by Mysql.com</div>
+<!-- Footer DIV -->
+
+ <?php
+
+ include("fend.inc");
+
+ echo $snort_custom_rnd_box;
+
+ ?>
+
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index f3d96848..01eed2e7 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -1,733 +1,755 @@ -<?php -/* - snort_interfaces_edit.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; -} - - -/* always have a limit of (65535) numbers only or snort will not start do to id limits */ -/* TODO: When inline gets added make the uuid the port number lisstening */ -$pconfig = array(); - -/* gen uuid for each iface !inportant */ -if (empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) { - //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); - $snort_uuid = 0; - while ($snort_uuid > 65535 || $snort_uuid == 0) { - $snort_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $snort_uuid; - } -} else { - $snort_uuid = $a_nat[$id]['uuid']; - $pconfig['uuid'] = $snort_uuid; -} - -if (isset($id) && $a_nat[$id]) { - - /* old options */ - $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; - $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs']; - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; - $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; - $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; - $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; - $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; - $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; - $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; - $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; - $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; - $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; - $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; - $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; - $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; - $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; - $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; - $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; - $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; - $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; - $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; - $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; - $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; - $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; - $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; - $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; - $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; - $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers']; - $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; - $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; - $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; - $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; - $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; - $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; - $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; - $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; - $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; - $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; - $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['descr'] = $a_nat[$id]['descr']; - $pconfig['performance'] = $a_nat[$id]['performance']; - $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['blockoffenderskill'] = $a_nat[$id]['blockoffenderskill']; - $pconfig['blockoffendersip'] = $a_nat[$id]['blockoffendersip']; - $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; - $pconfig['homelistname'] = $a_nat[$id]['homelistname']; - $pconfig['externallistname'] = $a_nat[$id]['externallistname']; - $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname']; - $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; - $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; - $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; - $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; - $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']); - $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; - $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; - - - if (!$pconfig['interface']) - $pconfig['interface'] = "wan"; - } else - $pconfig['interface'] = "wan"; - -/* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); - -if (isset($_GET['dup'])) - unset($id); - - /* alert file */ - $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - - if ($_POST["Submit"]) { - - if ($_POST['descr'] == '' && $pconfig['descr'] == '') { - $input_errors[] = "Please enter a description for your reference."; - } - - if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") { - - $rule_array = $config['installedpackages']['snortglobal']['rule']; - foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { - - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - - if ($_POST['interface'] == $result_lan) - $input_errors[] = "Interface $result_lan is in use. Please select another interface."; - } - } - - /* XXX: Void code - * check for overlaps - foreach ($a_nat as $natent) { - if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) - continue; - if ($natent['interface'] != $_POST['interface']) - continue; - } - */ - - /* if no errors write to conf */ - if (!$input_errors) { - $natent = array(); - - /* write to conf for 1st time or rewrite the answer */ - if ($_POST['interface']) - $natent['interface'] = $_POST['interface']; - - /* if post write to conf or rewite the answer */ - $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; - $natent['uuid'] = $pconfig['uuid']; - $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr']; - $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; - /* if post = on use on off or rewrite the conf */ - if ($_POST['blockoffenders7'] == "on") - $natent['blockoffenders7'] = 'on'; - else - $natent['blockoffenders7'] = 'off'; - if ($_POST['blockoffenderskill'] == "on") - $natent['blockoffenderskill'] = 'on'; - if ($_POST['blockoffendersip']) - $natent['blockoffendersip'] = $_POST['blockoffendersip']; - - $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname']; - $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname']; - $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname']; - $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname']; - $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; - if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } - if ($_POST['enable']) { $natent['enable'] = 'on'; } else unset($natent['enable']); - if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; }else{ $natent['tcpdumplog'] = 'off'; } - if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; } - $natent['configpassthru'] = $_POST['configpassthru'] ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru']; - /* if optiion = 0 then the old descr way will not work */ - - /* rewrite the options that are not in post */ - /* make shure values are set befor repost or conf.xml will be broken */ - if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } - if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } - if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; } - if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; } - if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } - if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } - if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } - if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } - if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } - if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } - if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } - if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } - if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } - if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } - if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } - if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } - if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } - if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } - if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } - if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } - if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } - if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } - if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } - if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } - if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } - if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } - if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } - if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } - if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } - if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } - if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } - if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } - if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } - if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } - if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } - if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } - if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } - if ($pconfig['def_sip_servers'] != "") { $natent['def_sip_servers'] = $pconfig['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; } - if ($pconfig['def_sip_ports'] != "") { $natent['def_sip_ports'] = $pconfig['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } - if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } - if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } - if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } - if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } - if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } - if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } - if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } - if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } - if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } - if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } - if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } - if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } - if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - - - $if_real = snort_get_real_interface($natent['interface']); - - if (isset($id) && $a_nat[$id]) { - if ($natent['interface'] != $a_nat[$id]['interface']) - Running_Stop($snort_uuid, $if_real, $id); - $a_nat[$id] = $natent; - } else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - - sync_snort_package_config(); - sleep(1); - - /* if snort.sh crashed this will remove the pid */ - exec('/bin/rm /tmp/snort.sh.pid'); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces.php"); - - exit; - } - } - - if ($_POST["Submit2"]) { - - sync_snort_package_config(); - sleep(1); - - Running_Start($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); - exit; - } - -$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; -include_once("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php - include("fbegin.inc"); - echo "{$snort_general_css}\n"; -?> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content</strong></div> -</noscript> -<script language="JavaScript"> -<!-- - -function enable_blockoffenders() { - var endis = !(document.iform.blockoffenders7.checked); - document.iform.blockoffenderskill.disabled=endis; - document.iform.blockoffendersip.disabled=endis; -} - -function enable_change(enable_change) { - endis = !(document.iform.enable.checked || enable_change); - // make shure a default answer is called if this is envoked. - endis2 = (document.iform.enable); - document.iform.performance.disabled = endis; - document.iform.blockoffenders7.disabled = endis; - document.iform.alertsystemlog.disabled = endis; - document.iform.externallistname.disabled = endis; - document.iform.homelistname.disabled = endis; - document.iform.suppresslistname.disabled = endis; - document.iform.tcpdumplog.disabled = endis; - document.iform.snortunifiedlog.disabled = endis; - document.iform.configpassthru.disabled = endis; -} -//--> -</script> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<?php - /* Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - //if (file_exists($d_snortconfdirty_path)) { - if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - echo '<p>'; - - if($savemsg) - print_info_box_np2("{$savemsg}"); - else { - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> - <tr> - <td class="tabnavtbl"> - <?php - if ($a_nat[$id]['interface'] != '') { - /* get the interface name */ - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_array = split(',', $if_list); - if($if_array) { - foreach($if_array as $iface2) { - /* build a list of user specified interfaces -gtm */ - $if2 = snort_get_real_interface($iface2); - if ($if2) - array_push($snortInterfaces, $if2); - } - - if (count($snortInterfaces) < 1) - log_error("Snort will not start. You must select an interface for it to listen on."); - } - - } - ?> - </td> - </tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">General Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Enable</td> - <td width="22%" valign="top" class="vtable"> <?php - // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> - // care with spaces - if ($pconfig['enable'] == "on") - $checked = checked; - - $onclick_enable = "onClick=\"enable_change(false)\">"; - - echo " - <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable - Enable or Disable</td>\n\n"; - ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Interface</td> - <td width="78%" class="vtable"> - <select name="interface" class="formfld"> - <?php - if (function_exists('get_configured_interface_with_descr')) - $interfaces = get_configured_interface_with_descr(); - else { - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; - } - } - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" - <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Choose which interface this rule applies to.<br> - Hint: in most cases, you'll want to use WAN here.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Description</td> - <td width="78%" class="vtable"><input name="descr" type="text" - class="formfld" id="descr" size="40" - value="<?=htmlspecialchars($pconfig['descr']);?>"> <br> - <span class="vexpl">You may enter a description here for your - reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Memory Performance</td> - <td width="78%" class="vtable"><select name="performance" - class="formfld" id="performance"> - <?php - $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); - foreach ($interfaces2 as $iface2 => $ifacename2): ?> - <option value="<?=$iface2;?>" - <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename2);?></option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Lowmem and ac-bnfa are recommended for low end - systems, Ac: high memory, best performance, ac-std: moderate - memory,high performance, acs: small memory, moderateperformance, - ac-banded: small memory,moderate performance, ac-sparsebands: small - memory, high performance.<br> - </span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Choose the networks - snort should inspect and whitelist.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Home net</td> - <td width="78%" class="vtable"><select name="homelistname" - class="formfld" id="homelistname"> - <?php - echo "<option value='default' >default</option>"; - /* find whitelist names and filter by type */ - if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { - foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) { - if ($value['snortlisttype'] == 'netlist') { - $ilistname = $value['name']; - if ($ilistname == $pconfig['homelistname']) - echo "<option value='$ilistname' selected>"; - else - echo "<option value='$ilistname'>"; - echo htmlspecialchars($ilistname) . '</option>'; - } - } - } - ?> - </select><br> - <span class="vexpl">Choose the home net you will like this rule to - use. </span> <br/><span class="red">Note:</span> Default home - net adds only local networks.<br> - <span class="red">Hint:</span> Most users add a list of - friendly ips that the firewall cant see.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">External net</td> - <td width="78%" class="vtable"><select name="externallistname" - class="formfld" id="externallistname"> - <?php - echo "<option value='default' >default</option>"; - /* find whitelist names and filter by type */ - if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { - foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) { - if ($value['snortlisttype'] == 'netlist') { - $ilistname = $value['name']; - if ($ilistname == $pconfig['externallistname']) - echo "<option value='$ilistname' selected>"; - else - echo "<option value='$ilistname'>"; - echo htmlspecialchars($ilistname) . '</option>'; - } - } - } - ?> - </select><br/> - <span class="vexpl">Choose the external net you will like this rule - to use. </span> <br/><span class="red">Note:</span> Default - external net, networks that are not home net.<br> - <span class="red">Hint:</span> Most users should leave this - setting at default.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Block offenders</td> - <td width="78%" class="vtable"> - <input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on" - <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> - onClick="enable_blockoffenders()"><br> - Checking this option will automatically block hosts that generate a - Snort alert.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Kill states</td> - <td width="78%" class="vtable"> - <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>> - <br/>Should firewall states be killed for the blocked ip - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Which ip to block</td> - <td width="78%" class="vtable"> - <select name="blockoffendersip" class="formfld" id="blockoffendersip"> - <?php - foreach (array("src", "dst", "both") as $btype) { - if ($btype == $pconfig['blockoffendersip']) - echo "<option value='{$btype}' selected>"; - else - echo "<option value='{$btype}'>"; - echo htmlspecialchars($btype) . '</option>'; - } - ?> - </select> - <br/> Which ip extracted from the packet you want to block - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Whitelist</td> - <td width="78%" class="vtable"> - <select name="whitelistname" class="formfld" id="whitelistname"> - <?php - /* find whitelist names and filter by type, make sure to track by uuid */ - echo "<option value='default' >default</option>\n"; - if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { - foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) { - if ($value['snortlisttype'] == 'whitelist') { - if ($value['name'] == $pconfig['whitelistname']) - echo "<option value='{$value['name']}' selected>"; - else - echo "<option value='{$value['name']}'>"; - echo htmlspecialchars($value['name']) . '</option>'; - } - } - } - ?> - </select><br> - <span class="vexpl">Choose the whitelist you will like this rule to - use. </span> <br/><span class="red">Note:</span> Default - whitelist adds only local networks.<br/> - <span class="red">Note:</span> This option will only be used when block offenders is on. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Suppression and - filtering</td> - <td width="78%" class="vtable"> - <select name="suppresslistname" class="formfld" id="suppresslistname"> - <?php - echo "<option value='default' >default</option>\n"; - if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) { - $slist_select = $config['installedpackages']['snortglobal']['suppress']['item']; - foreach ($slist_select as $value) { - $ilistname = $value['name']; - if ($ilistname == $pconfig['suppresslistname']) - echo "<option value='$ilistname' selected>"; - else - echo "<option value='$ilistname'>"; - echo htmlspecialchars($ilistname) . '</option>'; - } - } - ?> - </select><br> - <span class="vexpl">Choose the suppression or filtering file you - will like this rule to use. </span> <br/><span class="red">Note:</span> Default - option disables suppression and filtering.</td> - </tr> - - <tr> - <td colspan="2" valign="top" class="listtopic">Choose the types of - logs snort should create.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Send alerts to main - System logs</td> - <td width="78%" class="vtable"><input name="alertsystemlog" - type="checkbox" value="on" - <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Snort will send Alerts to the firewall's system logs.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log to a Tcpdump file</td> - <td width="78%" class="vtable"><input name="tcpdumplog" - type="checkbox" value="on" - <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Snort will log packets to a tcpdump-formatted file. The file then - can be analyzed by an application such as Wireshark which - understands pcap file formats. <span class="red"><strong>WARNING:</strong></span> - File may become large.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log Alerts to a snort - unified2 file</td> - <td width="78%" class="vtable"><input name="snortunifiedlog" - type="checkbox" value="on" - <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Snort will log Alerts to a file in the UNIFIED2 format. This is a - requirement for barnyard2.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Arguments here will - be automatically inserted into the snort configuration.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Advanced configuration - pass through</td> - <td width="78%" class="vtable"><textarea wrap="off" - name="configpassthru" cols="75" rows="12" id="configpassthru" - class="formpre2"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> - </td> - </tr> - <tr> - <td width="22%" valign="top"></td> - <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click start. </td> - </tr> - </table> - -</table> -</form> - -<script language="JavaScript"> -<!-- -enable_change(false); -enable_blockoffenders(); -//--> -</script> - -<?php include("fend.inc"); ?> -</body> -</html> +<?php
+/*
+ snort_interfaces_edit.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("/usr/local/www/guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (isset($_GET['dup'])) {
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
+}
+
+
+/* always have a limit of (65535) numbers only or snort will not start do to id limits */
+/* TODO: When inline gets added make the uuid the port number lisstening */
+$pconfig = array();
+
+/* gen uuid for each iface !inportant */
+if (empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+ $snort_uuid = 0;
+ while ($snort_uuid > 65535 || $snort_uuid == 0) {
+ $snort_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $snort_uuid;
+ }
+} else {
+ $snort_uuid = $a_nat[$id]['uuid'];
+ $pconfig['uuid'] = $snort_uuid;
+}
+
+if (isset($id) && $a_nat[$id]) {
+
+ /* old options */
+ $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
+ $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+ $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
+ $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
+ $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
+ $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
+ $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
+ $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
+ $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
+ $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
+ $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
+ $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
+ $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
+ $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
+ $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
+ $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
+ $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
+ $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
+ $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
+ $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
+ $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
+ $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
+ $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
+ $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
+ $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
+ $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
+ $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
+ $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
+ $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
+ $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
+ $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
+ $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+ $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers'];
+ $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];
+ $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
+ $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
+ $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
+ $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
+ $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
+ $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
+ $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
+ $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
+ $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
+ $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['descr'] = $a_nat[$id]['descr'];
+ $pconfig['performance'] = $a_nat[$id]['performance'];
+ $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
+ $pconfig['blockoffenderskill'] = $a_nat[$id]['blockoffenderskill'];
+ $pconfig['blockoffendersip'] = $a_nat[$id]['blockoffendersip'];
+ $pconfig['whitelistname'] = $a_nat[$id]['whitelistname'];
+ $pconfig['homelistname'] = $a_nat[$id]['homelistname'];
+ $pconfig['externallistname'] = $a_nat[$id]['externallistname'];
+ $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname'];
+ $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype'];
+ $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
+ $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
+ $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
+ $pconfig['snortalertcvs'] = $a_nat[$id]['snortalertcvs'];
+ $pconfig['snortunifiedlogbasic'] = $a_nat[$id]['snortunifiedlogbasic'];
+ $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']);
+ $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+ $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
+ $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
+
+
+ if (!$pconfig['interface'])
+ $pconfig['interface'] = "wan";
+ } else
+ $pconfig['interface'] = "wan";
+
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+
+if (isset($_GET['dup']))
+ unset($id);
+
+ /* alert file */
+ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
+
+ if ($_POST["Submit"]) {
+
+ if ($_POST['descr'] == '' && $pconfig['descr'] == '') {
+ $input_errors[] = "Please enter a description for your reference.";
+ }
+
+ if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
+
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+
+ $result_lan = $value['interface'];
+ $if_real = snort_get_real_interface($result_lan);
+
+ if ($_POST['interface'] == $result_lan)
+ $input_errors[] = "Interface $result_lan is in use. Please select another interface.";
+ }
+ }
+
+ /* XXX: Void code
+ * check for overlaps
+ foreach ($a_nat as $natent) {
+ if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
+ continue;
+ if ($natent['interface'] != $_POST['interface'])
+ continue;
+ }
+ */
+
+ /* if no errors write to conf */
+ if (!$input_errors) {
+ $natent = array();
+
+ /* write to conf for 1st time or rewrite the answer */
+ if ($_POST['interface'])
+ $natent['interface'] = $_POST['interface'];
+
+ /* if post write to conf or rewite the answer */
+ $natent['enable'] = $_POST['enable'] ? 'on' : 'off';
+ $natent['uuid'] = $pconfig['uuid'];
+ $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr'];
+ $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance'];
+ /* if post = on use on off or rewrite the conf */
+ if ($_POST['blockoffenders7'] == "on")
+ $natent['blockoffenders7'] = 'on';
+ else
+ $natent['blockoffenders7'] = 'off';
+ if ($_POST['blockoffenderskill'] == "on")
+ $natent['blockoffenderskill'] = 'on';
+ if ($_POST['blockoffendersip'])
+ $natent['blockoffendersip'] = $_POST['blockoffendersip'];
+
+ $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname'];
+ $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname'];
+ $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname'];
+ $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname'];
+ $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype'];
+ if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['enable']) { $natent['enable'] = 'on'; } else unset($natent['enable']);
+ if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; }else{ $natent['tcpdumplog'] = 'off'; }
+ if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; }
+ if ($_POST['snortalertcvs'] == "on") { $natent['snortalertcvs'] = 'on'; }else{ $natent['snortalertcvs'] = 'off'; }
+ if ($_POST['snortunifiedlogbasic'] == "on") { $natent['snortunifiedlogbasic'] = 'on'; }else{ $natent['snortunifiedlogbasic'] = 'off'; }
+ $natent['configpassthru'] = $_POST['configpassthru'] ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru'];
+ /* if optiion = 0 then the old descr way will not work */
+
+ /* rewrite the options that are not in post */
+ /* make shure values are set befor repost or conf.xml will be broken */
+ if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
+ if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
+ if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; }
+ if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; }
+ if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
+ if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
+ if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
+ if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
+ if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
+ if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
+ if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
+ if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
+ if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
+ if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
+ if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
+ if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
+ if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
+ if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
+ if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
+ if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
+ if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
+ if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
+ if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
+ if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
+ if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
+ if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
+ if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
+ if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
+ if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
+ if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
+ if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
+ if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
+ if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
+ if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
+ if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
+ if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
+ if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+ if ($pconfig['def_sip_servers'] != "") { $natent['def_sip_servers'] = $pconfig['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; }
+ if ($pconfig['def_sip_ports'] != "") { $natent['def_sip_ports'] = $pconfig['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }
+ if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
+ if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
+ if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
+ if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
+ if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
+ if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
+ if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
+ if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+ if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
+ if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+ if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
+
+
+ $if_real = snort_get_real_interface($natent['interface']);
+
+ if (isset($id) && $a_nat[$id]) {
+ if ($natent['interface'] != $a_nat[$id]['interface'])
+ Running_Stop($snort_uuid, $if_real, $id);
+ $a_nat[$id] = $natent;
+ } else {
+ if (is_numeric($after))
+ array_splice($a_nat, $after+1, 0, array($natent));
+ else
+ $a_nat[] = $natent;
+ }
+
+ write_config();
+
+ sync_snort_package_config();
+ sleep(1);
+
+ /* if snort.sh crashed this will remove the pid */
+ exec('/bin/rm /tmp/snort.sh.pid');
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_interfaces.php");
+
+ exit;
+ }
+ }
+
+ if ($_POST["Submit2"]) {
+
+ sync_snort_package_config();
+ sleep(1);
+
+ Running_Start($snort_uuid, $if_real, $id);
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_interfaces_edit.php?id=$id");
+ exit;
+ }
+
+$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real";
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php
+ include("fbegin.inc");
+ echo "{$snort_general_css}\n";
+?>
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content</strong></div>
+</noscript>
+<script language="JavaScript">
+<!--
+
+function enable_blockoffenders() {
+ var endis = !(document.iform.blockoffenders7.checked);
+ document.iform.blockoffenderskill.disabled=endis;
+ document.iform.blockoffendersip.disabled=endis;
+}
+
+function enable_change(enable_change) {
+ endis = !(document.iform.enable.checked || enable_change);
+ // make shure a default answer is called if this is envoked.
+ endis2 = (document.iform.enable);
+ document.iform.performance.disabled = endis;
+ document.iform.blockoffenders7.disabled = endis;
+ document.iform.alertsystemlog.disabled = endis;
+ document.iform.externallistname.disabled = endis;
+ document.iform.homelistname.disabled = endis;
+ document.iform.suppresslistname.disabled = endis;
+ document.iform.tcpdumplog.disabled = endis;
+ document.iform.snortunifiedlog.disabled = endis;
+ document.iform.snortalertcvs.disabled = endis;
+ document.iform.snortunifiedlogbasic.disabled = endis;
+ document.iform.configpassthru.disabled = endis;
+}
+//-->
+</script>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<?php
+ /* Display Alert message */
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ //if (file_exists($d_snortconfdirty_path)) {
+ if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
+ echo '<p>';
+
+ if($savemsg)
+ print_info_box_np2("{$savemsg}");
+ else {
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+ <tr>
+ <td class="tabnavtbl">
+ <?php
+ if ($a_nat[$id]['interface'] != '') {
+ /* get the interface name */
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_array = split(',', $if_list);
+ if($if_array) {
+ foreach($if_array as $iface2) {
+ /* build a list of user specified interfaces -gtm */
+ $if2 = snort_get_real_interface($iface2);
+ if ($if2)
+ array_push($snortInterfaces, $if2);
+ }
+
+ if (count($snortInterfaces) < 1)
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ }
+
+ }
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Enable</td>
+ <td width="22%" valign="top" class="vtable"> <?php
+ // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)">
+ // care with spaces
+ if ($pconfig['enable'] == "on")
+ $checked = checked;
+
+ $onclick_enable = "onClick=\"enable_change(false)\">";
+
+ echo "
+ <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable
+ Enable or Disable</td>\n\n";
+ ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Interface</td>
+ <td width="78%" class="vtable">
+ <select name="interface" class="formfld">
+ <?php
+ if (function_exists('get_configured_interface_with_descr'))
+ $interfaces = get_configured_interface_with_descr();
+ else {
+ $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>"
+ <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Choose which interface this rule applies to.<br>
+ Hint: in most cases, you'll want to use WAN here.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Description</td>
+ <td width="78%" class="vtable"><input name="descr" type="text"
+ class="formfld" id="descr" size="40"
+ value="<?=htmlspecialchars($pconfig['descr']);?>"> <br>
+ <span class="vexpl">You may enter a description here for your
+ reference (not parsed).</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Memory Performance</td>
+ <td width="78%" class="vtable"><select name="performance"
+ class="formfld" id="performance">
+ <?php
+ $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS');
+ foreach ($interfaces2 as $iface2 => $ifacename2): ?>
+ <option value="<?=$iface2;?>"
+ <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename2);?></option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Lowmem and ac-bnfa are recommended for low end
+ systems, Ac: high memory, best performance, ac-std: moderate
+ memory,high performance, acs: small memory, moderateperformance,
+ ac-banded: small memory,moderate performance, ac-sparsebands: small
+ memory, high performance.<br>
+ </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Choose the networks
+ snort should inspect and whitelist.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Home net</td>
+ <td width="78%" class="vtable"><select name="homelistname"
+ class="formfld" id="homelistname">
+ <?php
+ echo "<option value='default' >default</option>";
+ /* find whitelist names and filter by type */
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'netlist') {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['homelistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
+ }
+ }
+ }
+ ?>
+ </select><br>
+ <span class="vexpl">Choose the home net you will like this rule to
+ use. </span> <br/><span class="red">Note:</span> Default home
+ net adds only local networks.<br>
+ <span class="red">Hint:</span> Most users add a list of
+ friendly ips that the firewall cant see.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">External net</td>
+ <td width="78%" class="vtable"><select name="externallistname"
+ class="formfld" id="externallistname">
+ <?php
+ echo "<option value='default' >default</option>";
+ /* find whitelist names and filter by type */
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'netlist') {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['externallistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
+ }
+ }
+ }
+ ?>
+ </select><br/>
+ <span class="vexpl">Choose the external net you will like this rule
+ to use. </span> <br/><span class="red">Note:</span> Default
+ external net, networks that are not home net.<br>
+ <span class="red">Hint:</span> Most users should leave this
+ setting at default.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Block offenders</td>
+ <td width="78%" class="vtable">
+ <input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on"
+ <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?>
+ onClick="enable_blockoffenders()"><br>
+ Checking this option will automatically block hosts that generate a
+ Snort alert.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Kill states</td>
+ <td width="78%" class="vtable">
+ <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>>
+ <br/>Should firewall states be killed for the blocked ip
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Which ip to block</td>
+ <td width="78%" class="vtable">
+ <select name="blockoffendersip" class="formfld" id="blockoffendersip">
+ <?php
+ foreach (array("src", "dst", "both") as $btype) {
+ if ($btype == $pconfig['blockoffendersip'])
+ echo "<option value='{$btype}' selected>";
+ else
+ echo "<option value='{$btype}'>";
+ echo htmlspecialchars($btype) . '</option>';
+ }
+ ?>
+ </select>
+ <br/> Which ip extracted from the packet you want to block
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Whitelist</td>
+ <td width="78%" class="vtable">
+ <select name="whitelistname" class="formfld" id="whitelistname">
+ <?php
+ /* find whitelist names and filter by type, make sure to track by uuid */
+ echo "<option value='default' >default</option>\n";
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'whitelist') {
+ if ($value['name'] == $pconfig['whitelistname'])
+ echo "<option value='{$value['name']}' selected>";
+ else
+ echo "<option value='{$value['name']}'>";
+ echo htmlspecialchars($value['name']) . '</option>';
+ }
+ }
+ }
+ ?>
+ </select><br>
+ <span class="vexpl">Choose the whitelist you will like this rule to
+ use. </span> <br/><span class="red">Note:</span> Default
+ whitelist adds only local networks.<br/>
+ <span class="red">Note:</span> This option will only be used when block offenders is on.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Suppression and
+ filtering</td>
+ <td width="78%" class="vtable">
+ <select name="suppresslistname" class="formfld" id="suppresslistname">
+ <?php
+ echo "<option value='default' >default</option>\n";
+ if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
+ $slist_select = $config['installedpackages']['snortglobal']['suppress']['item'];
+ foreach ($slist_select as $value) {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['suppresslistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
+ }
+ }
+ ?>
+ </select><br>
+ <span class="vexpl">Choose the suppression or filtering file you
+ will like this rule to use. </span> <br/><span class="red">Note:</span> Default
+ option disables suppression and filtering.</td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Choose the types of
+ logs snort should create.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Send alerts to main
+ System logs</td>
+ <td width="78%" class="vtable"><input name="alertsystemlog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will send Alerts to the firewall's system logs.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log to a Tcpdump file</td>
+ <td width="78%" class="vtable"><input name="tcpdumplog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will log packets to a tcpdump-formatted file. The file then
+ can be analyzed by an application such as Wireshark which
+ understands pcap file formats. <span class="red"><strong>WARNING:</strong></span>
+ File may become large.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log Alerts to a snort unified file</td>
+ <td width="78%" class="vtable">
+ <input name="snortunifiedlogbasic" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlogbasic'] == "on") echo "checked"; ?> onClick="enable_change(false)">
+ <br>
+ Snort will log Alerts to a file in the UNIFIED format.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log Alerts to a snort
+ unified2 file</td>
+ <td width="78%" class="vtable"><input name="snortunifiedlog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will log Alerts to a file in the UNIFIED2 format. This is a
+ requirement for barnyard2.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log Alerts to a snort cvs file</td>
+ <td width="78%" class="vtable">
+ <input name="snortalertcvs" type="checkbox" value="on" <?php if ($pconfig['snortalertcvs'] == "on") echo "checked"; ?> onClick="enable_change(false)">
+ <br>
+ Snort will log Alerts to a file in the CVS format.
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Arguments here will
+ be automatically inserted into the snort configuration.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Advanced configuration
+ pass through</td>
+ <td width="78%" class="vtable"><textarea wrap="off"
+ name="configpassthru" cols="75" rows="12" id="configpassthru"
+ class="formpre2"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"></td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click start. </td>
+ </tr>
+ </table>
+
+</table>
+</form>
+
+<script language="JavaScript">
+<!--
+enable_change(false);
+enable_blockoffenders();
+//-->
+</script>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php index a267f561..1ad9016a 100644 --- a/config/snort-dev/snort_interfaces_global.php +++ b/config/snort-dev/snort_interfaces_global.php @@ -1,437 +1,437 @@ -<?php -/* - snort_interfaces_global.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Copyright (C) 2008-2009 Robert Zelaya - Modified for the Pfsense snort package. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -$d_snort_global_dirty_path = '/var/run/snort_global.dirty'; - -/* make things short */ -$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload']; -$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; -$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats']; -$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; -$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit']; -$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize']; -$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7']; -$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype']; -$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings']; - -/* if no errors move foward */ -if (!$input_errors) { - - if ($_POST["Submit"]) { - - $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload']; - $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; - $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off'; - $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked']; - if ($_POST['snortloglimitsize']) { - $config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit']; - $config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize']; - } else { - $config['installedpackages']['snortglobal']['snortloglimit'] = 'on'; - - /* code will set limit to 21% of slice that is unused */ - $snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024); - $config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize; - } - $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7']; - $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype']; - $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off'; - - $retval = 0; - - $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit']; - snort_snortloglimit_install_cron($snort_snortloglimit_info_ck == 'ok' ? true : false); - - /* set the snort block hosts time IMPORTANT */ - $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; - if ($snort_rm_blocked_info_ck == "never_b") - $snort_rm_blocked_false = false; - else - $snort_rm_blocked_false = true; - - snort_rm_blocked_install_cron($snort_rm_blocked_false); - - /* set the snort rules update time */ - $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; - if ($snort_rules_up_info_ck == "never_up") - $snort_rules_up_false = false; - else - $snort_rules_up_false = true; - - snort_rules_up_install_cron($snort_rules_up_false); - - configure_cron(); - write_config(); - - /* create whitelist and homenet file then sync files */ - sync_snort_package_config(); - - /* forces page to reload new settings */ - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces_global.php"); - exit; - } -} - - -if ($_POST["Reset"]) { - - function snort_deinstall_settings() { - global $config, $g, $id, $if_real; - - exec("/usr/usr/bin/killall snort"); - sleep(2); - exec("/usr/usr/bin/killall -9 snort"); - sleep(2); - exec("/usr/usr/bin/killall barnyard2"); - sleep(2); - exec("/usr/usr/bin/killall -9 barnyard2"); - sleep(2); - - /* Remove snort cron entries Ugly code needs smoothness*/ - if (!function_exists('snort_deinstall_cron')) { - function snort_deinstall_cron($cronmatch) { - global $config, $g; - - - if(!$config['cron']['item']) - return; - - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], $cronmatch)) { - $is_installed = true; - break; - } - $x++; - } - if($is_installed == true) - unset($config['cron']['item'][$x]); - - configure_cron(); - } - } - - snort_deinstall_cron("snort2c"); - snort_deinstall_cron("snort_check_for_rule_updates.php"); - - - /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ - /* Keep this as a last step */ - unset($config['installedpackages']['snortglobal']); - - /* remove all snort iface dir */ - exec('rm -r /usr/local/etc/snort/snort_*'); - exec('rm /var/log/snort/*'); - } - - snort_deinstall_settings(); - write_config(); /* XXX */ - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces_global.php"); - exit; -} - -$pgtitle = 'Services: Snort: Global Settings'; -include_once("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php -echo "{$snort_general_css}\n"; -echo "$snort_interfaces_css\n"; - -include_once("fbegin.inc"); - -if($pfsense_stable == 'yes') - echo '<p class="pgtitle">' . $pgtitle . '</p>'; -?> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - -<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<?php - /* Display Alert message, under form tag or no refresh */ - if ($input_errors) - print_input_errors($input_errors); // TODO: add checks - - if (!$input_errors) { - if (file_exists($d_snort_global_dirty_path)) { - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), true, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td class="tabcont"> - <table id="maintable2" width="100%" border="0" cellpadding="6" - cellspacing="0"> - <tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Please Choose The - Type Of Rules You Wish To Download</td> - </tr> - <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"><input name="snortdownload" type="radio" - id="snortdownload" value="off" onClick="enable_change(false)" - <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>> - Do <strong>NOT</strong> Install</td> - </tr> - <tr> - <td colspan="2"><input name="snortdownload" type="radio" - id="snortdownload" value="on" onClick="enable_change(false)" - <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>> Install - Basic Rules or Premium rules <br> - <a - href="https://www.snort.org/signup" target="_blank">Sign Up for a - Basic Rule Account</a><br> - <a - href="http://www.snort.org/vrt/buy-a-subscription" - target="_blank">Sign Up for Sourcefire VRT Certified Premium - Rules. This Is Highly Recommended</a></td> - </tr> - <tr> - <td> </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td> - </tr> - <tr> - <td class="vncell2" valign="top">Code</td> - <td class="vtable"><input name="oinkmastercode" type="text" - class="formfld" id="oinkmastercode" size="52" - value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br> - Obtain a snort.org Oinkmaster code and paste here.</td> - - </table> - - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Install <strong>Emergingthreats</strong> - rules</td> - <td width="78%" class="vtable"><input name="emergingthreats" - type="checkbox" value="yes" - <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Emerging Threats is an open source community that produces fastest - moving and diverse Snort Rules.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Update rules - automatically</td> - <td width="78%" class="vtable"><select name="autorulesupdate7" - class="formfld" id="autorulesupdate7"> - <?php - $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS'); - foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" - <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename3);?></option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please select the update times for rules.<br> - Hint: in most cases, every 12 hours is a good choice.</span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">General Settings</td> - </tr> - - <tr> - <?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> - <td width="22%" valign="top" class="vncell2">Log Directory Size - Limit<br> - <br> - <br> - <br> - <br> - <br> - <span class="red"><strong>Note</span>:</strong><br> - Available space is <strong><?php echo $snortlogCurrentDSKsize; ?>MB</strong></td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"><input name="snortloglimit" type="radio" - id="snortloglimit" value="on" onClick="enable_change(false)" - <?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?>> - <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td> - </tr> - <tr> - <td colspan="2"><input name="snortloglimit" type="radio" - id="snortloglimit" value="off" onClick="enable_change(false)" - <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <strong>Disable</strong> - directory size limit<br> - <br> - <span class="red"><strong>Warning</span>:</strong> Nanobsd - should use no more than 10MB of space.</td> - </tr> - <tr> - <td> </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="vncell3">Size in <strong>MB</strong></td> - <td class="vtable"><input name="snortloglimitsize" type="text" - class="formfld" id="snortloglimitsize" size="7" - value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>"> - Default is <strong>20%</strong> of available space.</td> - - </table> - - </tr> - - <tr> - <td width="22%" valign="top" class="vncell2">Remove blocked hosts - every</td> - <td width="78%" class="vtable"><select name="rm_blocked" - class="formfld" id="rm_blocked"> - <?php - $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS'); - foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" - <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename3);?></option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please select the amount of time you would like - hosts to be blocked for.<br> - Hint: in most cases, 1 hour is a good choice.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Alerts file description - type</td> - <td width="78%" class="vtable"><select name="snortalertlogtype" - class="formfld" id="snortalertlogtype"> - <?php - $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT'); - foreach ($interfaces4 as $iface4 => $ifacename4): ?> - <option value="<?=$iface4;?>" - <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename4);?></option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please choose the type of Alert logging you will - like see in your alert file.<br> - Hint: Best pratice is to chose full logging.</span> <span - class="red"><strong>WARNING:</strong></span> <strong>On - change, alert file will be cleared.</strong></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Keep snort settings - after deinstall</td> - <td width="78%" class="vtable"><input name="forcekeepsettings" - id="forcekeepsettings" type="checkbox" value="yes" - <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Settings will not be removed during deinstall.</td> - </tr> - <tr> - <td width="22%" valign="top"><input name="Reset" type="submit" - class="formbtn" value="Reset" - onclick="return confirm('Do you really want to delete all global and interface settings?')"><span - class="red"><strong> WARNING:</strong><br> - This will reset all global and interface settings.</span></td> - <td width="78%"><input name="Submit" type="submit" class="formbtn" - value="Save" onClick="enable_change(true)"> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br> - </strong></span> Changing any settings on this page will affect all - interfaces. Please, double check if your oink code is correct and - the type of snort.org account you hold.</span></td> - </tr> - </table> - </td> - </tr> -</table> -</form> - -</div> - - <?php include("fend.inc"); ?> - - <?php echo "$snort_custom_rnd_box\n"; ?> - -</body> -</html> +<?php
+/*
+ snort_interfaces_global.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Copyright (C) 2008-2009 Robert Zelaya
+ Modified for the Pfsense snort package.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+$d_snort_global_dirty_path = '/var/run/snort_global.dirty';
+
+/* make things short */
+$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
+$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'];
+$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
+$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit'];
+$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize'];
+$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype'];
+$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'];
+
+/* if no errors move foward */
+if (!$input_errors) {
+
+ if ($_POST["Submit"]) {
+
+ $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'];
+ $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode'];
+ $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked'];
+ if ($_POST['snortloglimitsize']) {
+ $config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit'];
+ $config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize'];
+ } else {
+ $config['installedpackages']['snortglobal']['snortloglimit'] = 'on';
+
+ /* code will set limit to 21% of slice that is unused */
+ $snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024);
+ $config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize;
+ }
+ $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7'];
+ $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype'];
+ $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';
+
+ $retval = 0;
+
+ $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
+ snort_snortloglimit_install_cron($snort_snortloglimit_info_ck == 'ok' ? true : false);
+
+ /* set the snort block hosts time IMPORTANT */
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "never_b")
+ $snort_rm_blocked_false = false;
+ else
+ $snort_rm_blocked_false = true;
+
+ snort_rm_blocked_install_cron($snort_rm_blocked_false);
+
+ /* set the snort rules update time */
+ $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+ if ($snort_rules_up_info_ck == "never_up")
+ $snort_rules_up_false = false;
+ else
+ $snort_rules_up_false = true;
+
+ snort_rules_up_install_cron($snort_rules_up_false);
+
+ configure_cron();
+ write_config();
+
+ /* create whitelist and homenet file then sync files */
+ sync_snort_package_config();
+
+ /* forces page to reload new settings */
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_interfaces_global.php");
+ exit;
+ }
+}
+
+
+if ($_POST["Reset"]) {
+
+ function snort_deinstall_settings() {
+ global $config, $g, $id, $if_real;
+
+ exec("/usr/usr/bin/killall snort");
+ sleep(2);
+ exec("/usr/usr/bin/killall -9 snort");
+ sleep(2);
+ exec("/usr/usr/bin/killall barnyard2");
+ sleep(2);
+ exec("/usr/usr/bin/killall -9 barnyard2");
+ sleep(2);
+
+ /* Remove snort cron entries Ugly code needs smoothness*/
+ if (!function_exists('snort_deinstall_cron')) {
+ function snort_deinstall_cron($cronmatch) {
+ global $config, $g;
+
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ $is_installed = false;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], $cronmatch)) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ if($is_installed == true)
+ unset($config['cron']['item'][$x]);
+
+ configure_cron();
+ }
+ }
+
+ snort_deinstall_cron("snort2c");
+ snort_deinstall_cron("snort_check_for_rule_updates.php");
+
+
+ /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
+ /* Keep this as a last step */
+ unset($config['installedpackages']['snortglobal']);
+
+ /* remove all snort iface dir */
+ exec('rm -r /usr/local/etc/snort/snort_*');
+ exec('rm /var/log/snort/*');
+ }
+
+ snort_deinstall_settings();
+ write_config(); /* XXX */
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_interfaces_global.php");
+ exit;
+}
+
+$pgtitle = 'Services: Snort: Global Settings';
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+echo "{$snort_general_css}\n";
+echo "$snort_interfaces_css\n";
+
+include_once("fbegin.inc");
+
+if($pfsense_stable == 'yes')
+ echo '<p class="pgtitle">' . $pgtitle . '</p>';
+?>
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<?php
+ /* Display Alert message, under form tag or no refresh */
+ if ($input_errors)
+ print_input_errors($input_errors); // TODO: add checks
+
+ if (!$input_errors) {
+ if (file_exists($d_snort_global_dirty_path)) {
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), true, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td class="tabcont">
+ <table id="maintable2" width="100%" border="0" cellpadding="6"
+ cellspacing="0">
+ <tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Please Choose The
+ Type Of Rules You Wish To Download</td>
+ </tr>
+ <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2"><input name="snortdownload" type="radio"
+ id="snortdownload" value="off" onClick="enable_change(false)"
+ <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>>
+ Do <strong>NOT</strong> Install</td>
+ </tr>
+ <tr>
+ <td colspan="2"><input name="snortdownload" type="radio"
+ id="snortdownload" value="on" onClick="enable_change(false)"
+ <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>> Install
+ Basic Rules or Premium rules <br>
+ <a
+ href="https://www.snort.org/signup" target="_blank">Sign Up for a
+ Basic Rule Account</a><br>
+ <a
+ href="http://www.snort.org/vrt/buy-a-subscription"
+ target="_blank">Sign Up for Sourcefire VRT Certified Premium
+ Rules. This Is Highly Recommended</a></td>
+ </tr>
+ <tr>
+ <td> </td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td>
+ </tr>
+ <tr>
+ <td class="vncell2" valign="top">Code</td>
+ <td class="vtable"><input name="oinkmastercode" type="text"
+ class="formfld" id="oinkmastercode" size="52"
+ value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br>
+ Obtain a snort.org Oinkmaster code and paste here.</td>
+
+ </table>
+
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Install <strong>Emergingthreats</strong>
+ rules</td>
+ <td width="78%" class="vtable"><input name="emergingthreats"
+ type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Emerging Threats is an open source community that produces fastest
+ moving and diverse Snort Rules.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Update rules
+ automatically</td>
+ <td width="78%" class="vtable"><select name="autorulesupdate7"
+ class="formfld" id="autorulesupdate7">
+ <?php
+ $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS');
+ foreach ($interfaces3 as $iface3 => $ifacename3): ?>
+ <option value="<?=$iface3;?>"
+ <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename3);?></option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please select the update times for rules.<br>
+ Hint: in most cases, every 12 hours is a good choice.</span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Settings</td>
+ </tr>
+
+ <tr>
+ <?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
+ <td width="22%" valign="top" class="vncell2">Log Directory Size
+ Limit<br>
+ <br>
+ <br>
+ <br>
+ <br>
+ <br>
+ <span class="red"><strong>Note</span>:</strong><br>
+ Available space is <strong><?php echo $snortlogCurrentDSKsize; ?>MB</strong></td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2"><input name="snortloglimit" type="radio"
+ id="snortloglimit" value="on" onClick="enable_change(false)"
+ <?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?>>
+ <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td>
+ </tr>
+ <tr>
+ <td colspan="2"><input name="snortloglimit" type="radio"
+ id="snortloglimit" value="off" onClick="enable_change(false)"
+ <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <strong>Disable</strong>
+ directory size limit<br>
+ <br>
+ <span class="red"><strong>Warning</span>:</strong> Nanobsd
+ should use no more than 10MB of space.</td>
+ </tr>
+ <tr>
+ <td> </td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vncell3">Size in <strong>MB</strong></td>
+ <td class="vtable"><input name="snortloglimitsize" type="text"
+ class="formfld" id="snortloglimitsize" size="7"
+ value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>">
+ Default is <strong>20%</strong> of available space.</td>
+
+ </table>
+
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Remove blocked hosts
+ every</td>
+ <td width="78%" class="vtable"><select name="rm_blocked"
+ class="formfld" id="rm_blocked">
+ <?php
+ $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS');
+ foreach ($interfaces3 as $iface3 => $ifacename3): ?>
+ <option value="<?=$iface3;?>"
+ <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename3);?></option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please select the amount of time you would like
+ hosts to be blocked for.<br>
+ Hint: in most cases, 1 hour is a good choice.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Alerts file description
+ type</td>
+ <td width="78%" class="vtable"><select name="snortalertlogtype"
+ class="formfld" id="snortalertlogtype">
+ <?php
+ $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT');
+ foreach ($interfaces4 as $iface4 => $ifacename4): ?>
+ <option value="<?=$iface4;?>"
+ <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename4);?></option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please choose the type of Alert logging you will
+ like see in your alert file.<br>
+ Hint: Best pratice is to chose full logging.</span> <span
+ class="red"><strong>WARNING:</strong></span> <strong>On
+ change, alert file will be cleared.</strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Keep snort settings
+ after deinstall</td>
+ <td width="78%" class="vtable"><input name="forcekeepsettings"
+ id="forcekeepsettings" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Settings will not be removed during deinstall.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"><input name="Reset" type="submit"
+ class="formbtn" value="Reset"
+ onclick="return confirm('Do you really want to delete all global and interface settings?')"><span
+ class="red"><strong> WARNING:</strong><br>
+ This will reset all global and interface settings.</span></td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn"
+ value="Save" onClick="enable_change(true)">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span> Changing any settings on this page will affect all
+ interfaces. Please, double check if your oink code is correct and
+ the type of snort.org account you hold.</span></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</form>
+
+</div>
+
+ <?php include("fend.inc"); ?>
+
+ <?php echo "$snort_custom_rnd_box\n"; ?>
+
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_suppress.php b/config/snort-dev/snort_interfaces_suppress.php index 4eeed42d..cde6d3eb 100644 --- a/config/snort-dev/snort_interfaces_suppress.php +++ b/config/snort-dev/snort_interfaces_suppress.php @@ -1,171 +1,171 @@ -<?php -/* $Id$ */ -/* - Copyright (C) 2004 Scott Ullrich - Copyright (C) 2011 Ermal Luci - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - - -if (!is_array($config['installedpackages']['snortglobal']['suppress'])) - $config['installedpackages']['snortglobal']['suppress'] = array(); -if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) - $config['installedpackages']['snortglobal']['suppress']['item'] = array(); -$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; -$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']); - -$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty'; - -if ($_GET['act'] == "del") { - if ($a_suppress[$_GET['id']]) { - /* make sure rule is not being referenced by any nat or filter rules */ - - unset($a_suppress[$_GET['id']]); - write_config(); - filter_configure(); - header("Location: /snort/snort_interfaces_suppress.php"); - exit; - } -} - -$pgtitle = "Services: Snort: Suppression"; -include_once("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php -include_once("fbegin.inc"); -echo $snort_general_css; -?> - -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (file_exists($d_suppresslistdirty_path)): ?> -<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> -<?php endif; ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td class="tabcont"> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - - <tr> - <td width="30%" class="listhdrr">File Name</td> - <td width="70%" class="listhdr">Description</td> - - <td width="10%" class="list"></td> - </tr> - <?php $i = 0; foreach ($a_suppress as $list): ?> - <tr> - <td class="listlr" - ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($list['name']);?></td> - <td class="listbg" - ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> - </td> - - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a - href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="edit whitelist"></a></td> - <td><a - href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>" - onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="delete whitelist"></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="2"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a - href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="add a new list"></a></td> - </tr> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -<br> -<table class="tabcont" width="100%" border="0" cellpadding="0" - cellspacing="0"> - <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <p><span class="vexpl">Here you can create event filtering and - suppression for your snort package rules.<br> - Please note that you must restart a running rule so that changes can - take effect.</span></p></td> -</table> - -</form> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> +<?php
+/* $Id$ */
+/*
+ Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+
+if (!is_array($config['installedpackages']['snortglobal']['suppress']))
+ $config['installedpackages']['snortglobal']['suppress'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
+ $config['installedpackages']['snortglobal']['suppress']['item'] = array();
+$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
+$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
+
+$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty';
+
+if ($_GET['act'] == "del") {
+ if ($a_suppress[$_GET['id']]) {
+ /* make sure rule is not being referenced by any nat or filter rules */
+
+ unset($a_suppress[$_GET['id']]);
+ write_config();
+ filter_configure();
+ header("Location: /snort/snort_interfaces_suppress.php");
+ exit;
+ }
+}
+
+$pgtitle = "Services: Snort: Suppression";
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+include_once("fbegin.inc");
+echo $snort_general_css;
+?>
+
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_suppresslistdirty_path)): ?>
+<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
+<?php endif; ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr>
+ <td width="30%" class="listhdrr">File Name</td>
+ <td width="70%" class="listhdr">Description</td>
+
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_suppress as $list): ?>
+ <tr>
+ <td class="listlr"
+ ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?></td>
+ <td class="listbg"
+ ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>
+ </td>
+
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a
+ href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="edit whitelist"></a></td>
+ <td><a
+ href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>"
+ onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="delete whitelist"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="2"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17"> </td>
+ <td valign="middle"><a
+ href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="add a new list"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+<br>
+<table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">Here you can create event filtering and
+ suppression for your snort package rules.<br>
+ Please note that you must restart a running rule so that changes can
+ take effect.</span></p></td>
+</table>
+
+</form>
+
+</div>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_suppress_edit.php b/config/snort-dev/snort_interfaces_suppress_edit.php index 7303349f..559ea76c 100644 --- a/config/snort-dev/snort_interfaces_suppress_edit.php +++ b/config/snort-dev/snort_interfaces_suppress_edit.php @@ -1,295 +1,295 @@ -<?php -/* $Id$ */ -/* - firewall_aliases_edit.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['suppress'])) - $config['installedpackages']['snortglobal']['suppress'] = array(); -if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) - $config['installedpackages']['snortglobal']['suppress']['item'] = array(); -$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (!is_numeric($id)) - $id = 0; // XXX: safety belt - - -/* gen uuid for each iface */ -if (is_array($config['installedpackages']['snortglobal']['suppress']['item'][$id])) { - if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') { - //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); - $suppress_uuid = 0; - while ($suppress_uuid > 65535 || $suppress_uuid == 0) { - $suppress_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $suppress_uuid; - } - } else if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') { - $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid']; - } -} - -$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty'; - -/* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validwhitelistname($name) { - if (!is_string($name)) - return false; - - if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) - return true; - - return false; -} - -if (isset($id) && $a_suppress[$id]) { - - /* old settings */ - $pconfig['name'] = $a_suppress[$id]['name']; - $pconfig['uuid'] = $a_suppress[$id]['uuid']; - $pconfig['descr'] = $a_suppress[$id]['descr']; - $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']); -} - -if ($_POST['submit']) { - - unset($input_errors); - $pconfig = $_POST; - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; - - $x = is_validwhitelistname($_POST['name']); - if (!isset($x)) { - $input_errors[] = "Reserved word used for whitelist file name."; - } else { - if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; - } - - - /* check for name conflicts */ - foreach ($a_suppress as $s_list) { - if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list)) - continue; - - if ($s_list['name'] == $_POST['name']) { - $input_errors[] = "A whitelist file name with this name already exists."; - break; - } - } - - - if (!$input_errors) { - $s_list = array(); - $s_list['name'] = $_POST['name']; - $s_list['uuid'] = $suppress_uuid; - $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); - - if (isset($id) && $a_suppress[$id]) - $a_suppress[$id] = $s_list; - else - $a_suppress[] = $s_list; - - write_config(); - - sync_snort_package_config(); - - header("Location: /snort/snort_interfaces_suppress.php"); - exit; - } - -} - -$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid"; -include_once("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -echo $snort_general_css; -?> - -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php if ($input_errors) print_input_errors($input_errors); ?> -<div id="inputerrors"></div> - -<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" - method="post" name="iform" id="iform"><?php - /* Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - //if (file_exists($d_snortconfdirty_path)) { - if (file_exists($d_snort_suppress_dirty_path)) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } - ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global - Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li class="newtabmenu_active"><a - href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> - </ul> - </div> - - </td> - </tr> - - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and - description of the file.</td> - </tr> - <tr> - <td valign="top" class="vncellreq2">Name</td> - <td class="vtable"><input name="name" type="text" id="name" - size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> - <span class="vexpl"> The list name may only consist of the - characters a-z, A-Z and 0-9. <span class="red">Note: </span> No - Spaces. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Description</td> - <td width="78%" class="vtable"><input name="descr" type="text" - id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> - <span class="vexpl"> You may enter a description here for your - reference (not parsed). </span></td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <table height="32" width="100%"> - <tr> - <td> - <div style='background-color: #E0E0E0' id='redbox'> - <table width='100%'> - <tr> - <td width='8%'> <img - style='vertical-align: middle' - src="/snort/images/icon_excli.png" width="40" height="32"></td> - <td width='70%'><font size="2" color='#FF850A'><b>NOTE:</b></font> - <font size="2" color='#000000'> The threshold keyword - is deprecated as of version 2.8.5. Use the event_filter keyword - instead.</font></td> - </tr> - </table> - </div> - </td> - </tr> - <script type="text/javascript"> - NiftyCheck(); - Rounded("div#redbox","all","#FFF","#E0E0E0","smooth"); - Rounded("td#blackbox","all","#FFF","#000000","smooth"); - </script> - <tr> - <td colspan="2" valign="top" class="listtopic">Apply suppression or - filters to rules. Valid keywords are 'suppress', 'event_filter' and - 'rate_filter'.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="vncell"><b>Example 1;</b> - suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br> - <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, - track by_src, count 1, seconds 60<br> - <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, - count 100, seconds 1, new_action log, timeout 10</td> - </tr> - <tr> - <td width="100%" class="vtable"><textarea wrap="off" - name="suppresspassthru" cols="142" rows="28" id="suppresspassthru" - class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> - </td> - </tr> - <tr> - <td width="78%"><input id="submit" name="submit" type="submit" - class="formbtn" value="Save" /> <input id="cancelbutton" - name="cancelbutton" type="button" class="formbtn" value="Cancel" - onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?> - </td> - </tr> - </table> - </table> - </td> - </tr> -</table> -</form> - -</div> - - <?php include("fend.inc"); ?> - -</body> -</html> +<?php
+/* $Id$ */
+/*
+ firewall_aliases_edit.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['suppress']))
+ $config['installedpackages']['snortglobal']['suppress'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
+ $config['installedpackages']['snortglobal']['suppress']['item'] = array();
+$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (!is_numeric($id))
+ $id = 0; // XXX: safety belt
+
+
+/* gen uuid for each iface */
+if (is_array($config['installedpackages']['snortglobal']['suppress']['item'][$id])) {
+ if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+ $suppress_uuid = 0;
+ while ($suppress_uuid > 65535 || $suppress_uuid == 0) {
+ $suppress_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $suppress_uuid;
+ }
+ } else if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') {
+ $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'];
+ }
+}
+
+$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty';
+
+/* returns true if $name is a valid name for a whitelist file name or ip */
+function is_validwhitelistname($name) {
+ if (!is_string($name))
+ return false;
+
+ if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
+ return true;
+
+ return false;
+}
+
+if (isset($id) && $a_suppress[$id]) {
+
+ /* old settings */
+ $pconfig['name'] = $a_suppress[$id]['name'];
+ $pconfig['uuid'] = $a_suppress[$id]['uuid'];
+ $pconfig['descr'] = $a_suppress[$id]['descr'];
+ $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
+}
+
+if ($_POST['submit']) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if(strtolower($_POST['name']) == "defaultwhitelist")
+ $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
+
+ $x = is_validwhitelistname($_POST['name']);
+ if (!isset($x)) {
+ $input_errors[] = "Reserved word used for whitelist file name.";
+ } else {
+ if (is_validwhitelistname($_POST['name']) == false)
+ $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
+ }
+
+
+ /* check for name conflicts */
+ foreach ($a_suppress as $s_list) {
+ if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list))
+ continue;
+
+ if ($s_list['name'] == $_POST['name']) {
+ $input_errors[] = "A whitelist file name with this name already exists.";
+ break;
+ }
+ }
+
+
+ if (!$input_errors) {
+ $s_list = array();
+ $s_list['name'] = $_POST['name'];
+ $s_list['uuid'] = $suppress_uuid;
+ $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
+
+ if (isset($id) && $a_suppress[$id])
+ $a_suppress[$id] = $s_list;
+ else
+ $a_suppress[] = $s_list;
+
+ write_config();
+
+ sync_snort_package_config();
+
+ header("Location: /snort/snort_interfaces_suppress.php");
+ exit;
+ }
+
+}
+
+$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid";
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include("fbegin.inc");
+echo $snort_general_css;
+?>
+
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<div id="inputerrors"></div>
+
+<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>"
+ method="post" name="iform" id="iform"><?php
+ /* Display Alert message */
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ //if (file_exists($d_snortconfdirty_path)) {
+ if (file_exists($d_snort_suppress_dirty_path)) {
+ echo '<p>';
+
+ if($savemsg) {
+ print_info_box_np2("{$savemsg}");
+ }else{
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+ ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li class="newtabmenu_active"><a
+ href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add the name and
+ description of the file.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq2">Name</td>
+ <td class="vtable"><input name="name" type="text" id="name"
+ size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
+ <span class="vexpl"> The list name may only consist of the
+ characters a-z, A-Z and 0-9. <span class="red">Note: </span> No
+ Spaces. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Description</td>
+ <td width="78%" class="vtable"><input name="descr" type="text"
+ id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
+ <span class="vexpl"> You may enter a description here for your
+ reference (not parsed). </span></td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table height="32" width="100%">
+ <tr>
+ <td>
+ <div style='background-color: #E0E0E0' id='redbox'>
+ <table width='100%'>
+ <tr>
+ <td width='8%'> <img
+ style='vertical-align: middle'
+ src="/snort/images/icon_excli.png" width="40" height="32"></td>
+ <td width='70%'><font size="2" color='#FF850A'><b>NOTE:</b></font>
+ <font size="2" color='#000000'> The threshold keyword
+ is deprecated as of version 2.8.5. Use the event_filter keyword
+ instead.</font></td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+ <script type="text/javascript">
+ NiftyCheck();
+ Rounded("div#redbox","all","#FFF","#E0E0E0","smooth");
+ Rounded("td#blackbox","all","#FFF","#000000","smooth");
+ </script>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Apply suppression or
+ filters to rules. Valid keywords are 'suppress', 'event_filter' and
+ 'rate_filter'.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="vncell"><b>Example 1;</b>
+ suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br>
+ <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit,
+ track by_src, count 1, seconds 60<br>
+ <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src,
+ count 100, seconds 1, new_action log, timeout 10</td>
+ </tr>
+ <tr>
+ <td width="100%" class="vtable"><textarea wrap="off"
+ name="suppresspassthru" cols="142" rows="28" id="suppresspassthru"
+ class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td width="78%"><input id="submit" name="submit" type="submit"
+ class="formbtn" value="Save" /> <input id="cancelbutton"
+ name="cancelbutton" type="button" class="formbtn" value="Cancel"
+ onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+ </table>
+ </td>
+ </tr>
+</table>
+</form>
+
+</div>
+
+ <?php include("fend.inc"); ?>
+
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_whitelist.php b/config/snort-dev/snort_interfaces_whitelist.php index 2dc2d491..72a08629 100644 --- a/config/snort-dev/snort_interfaces_whitelist.php +++ b/config/snort-dev/snort_interfaces_whitelist.php @@ -1,189 +1,189 @@ -<?php -/* $Id$ */ -/* - firewall_aliases.php - Copyright (C) 2004 Scott Ullrich - Copyright (C) 2011 Ermal Luci - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - - -if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) -$config['installedpackages']['snortglobal']['whitelist']['item'] = array(); - -//aliases_sort(); << what ? -$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; - -if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) { - $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']); -}else{ - $id_gen = '0'; -} - -$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty'; - -if ($_GET['act'] == "del") { - if ($a_whitelist[$_GET['id']]) { - /* make sure rule is not being referenced by any nat or filter rules */ - - unset($a_whitelist[$_GET['id']]); - write_config(); - filter_configure(); - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; - } -} - -$pgtitle = "Services: Snort: Whitelist"; -include_once("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include_once("fbegin.inc"); -echo $snort_general_css; -?> - -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (file_exists($d_whitelistdirty_path)): ?> -<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> -<?php endif; ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td class="tabcont"> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - - <tr> - <td width="20%" class="listhdrr">File Name</td> - <td width="40%" class="listhdrr">Values</td> - <td width="40%" class="listhdr">Description</td> - <td width="10%" class="list"></td> - </tr> - <?php $i = 0; foreach ($a_whitelist as $list): ?> - <tr> - <td class="listlr" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($list['name']);?></td> - <td class="listr" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?php - $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10)); - echo $addresses; - if(count($addresses) < 10) { - echo " "; - } else { - echo "..."; - } - ?></td> - <td class="listbg" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a - href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="edit whitelist"></a></td> - <td><a - href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" - onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="delete whitelist"></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a - href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="add a new list"></a></td> - </tr> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -<br> -<table class="tabcont" width="100%" border="0" cellpadding="0" - cellspacing="0"> - <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <p><span class="vexpl">Here you can create whitelist files for your - snort package rules.<br> - Please add all the ips or networks you want to protect against snort - block decisions.<br> - Remember that the default whitelist only includes local networks.<br> - Be careful, it is very easy to get locked out of you system.</span></p></td> -</table> - -</form> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> +<?php
+/* $Id$ */
+/*
+ firewall_aliases.php
+ Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+$config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+
+//aliases_sort(); << what ?
+$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+
+if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
+}else{
+ $id_gen = '0';
+}
+
+$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty';
+
+if ($_GET['act'] == "del") {
+ if ($a_whitelist[$_GET['id']]) {
+ /* make sure rule is not being referenced by any nat or filter rules */
+
+ unset($a_whitelist[$_GET['id']]);
+ write_config();
+ filter_configure();
+ header("Location: /snort/snort_interfaces_whitelist.php");
+ exit;
+ }
+}
+
+$pgtitle = "Services: Snort: Whitelist";
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include_once("fbegin.inc");
+echo $snort_general_css;
+?>
+
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_whitelistdirty_path)): ?>
+<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
+<?php endif; ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr>
+ <td width="20%" class="listhdrr">File Name</td>
+ <td width="40%" class="listhdrr">Values</td>
+ <td width="40%" class="listhdr">Description</td>
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_whitelist as $list): ?>
+ <tr>
+ <td class="listlr"
+ ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?></td>
+ <td class="listr"
+ ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <?php
+ $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10));
+ echo $addresses;
+ if(count($addresses) < 10) {
+ echo " ";
+ } else {
+ echo "...";
+ }
+ ?></td>
+ <td class="listbg"
+ ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a
+ href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="edit whitelist"></a></td>
+ <td><a
+ href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>"
+ onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="delete whitelist"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17"> </td>
+ <td valign="middle"><a
+ href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="add a new list"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+<br>
+<table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">Here you can create whitelist files for your
+ snort package rules.<br>
+ Please add all the ips or networks you want to protect against snort
+ block decisions.<br>
+ Remember that the default whitelist only includes local networks.<br>
+ Be careful, it is very easy to get locked out of you system.</span></p></td>
+</table>
+
+</form>
+
+</div>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_whitelist_edit.php b/config/snort-dev/snort_interfaces_whitelist_edit.php index fe3c54a5..854c2a9a 100644 --- a/config/snort-dev/snort_interfaces_whitelist_edit.php +++ b/config/snort-dev/snort_interfaces_whitelist_edit.php @@ -1,414 +1,414 @@ -<?php -/* $Id$ */ -/* - firewall_aliases_edit.php - Copyright (C) 2004 Scott Ullrich - Copyright (C) 2011 Ermal Luci - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); - -$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; -} - -/* gen uuid for each iface !inportant */ -if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') { - $whitelist_uuid = 0; - while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { - $whitelist_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $whitelist_uuid; - } -} else if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') { - $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid']; -} - -$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty'; - -/* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validwhitelistname($name) { - if (!is_string($name)) - return false; - - if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) - return true; - - return false; -} - - -if (isset($id) && $a_whitelist[$id]) { - - /* old settings */ - $pconfig = array(); - $pconfig['name'] = $a_whitelist[$id]['name']; - $pconfig['uuid'] = $a_whitelist[$id]['uuid']; - $pconfig['detail'] = $a_whitelist[$id]['detail']; - $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype']; - $pconfig['address'] = $a_whitelist[$id]['address']; - $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']); - $pconfig['wanips'] = $a_whitelist[$id]['wanips']; - $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; - $pconfig['vips'] = $a_whitelist[$id]['vips']; - $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; - $addresses = explode(' ', $pconfig['address']); - $address = explode(" ", $addresses[0]); -} - -if ($_POST['submit']) { - - conf_mount_rw(); - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "name"); - $reqdfieldsn = explode(",", "Name"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; - - $x = is_validwhitelistname($_POST['name']); - if (!isset($x)) { - $input_errors[] = "Reserved word used for whitelist file name."; - } else { - if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; - } - - /* check for name conflicts */ - foreach ($a_whitelist as $w_list) { - if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) - continue; - - if ($w_list['name'] == $_POST['name']) { - $input_errors[] = "A whitelist file name with this name already exists."; - break; - } - } - - $isfirst = 0; - $address = ""; - $final_address_details .= ""; - /* add another entry code */ - for($x=0; $x<499; $x++) { - if (!empty($_POST["address{$x}"])) { - if ($is_first > 0) - $address .= " "; - $address .= $_POST["address{$x}"]; - if ($_POST["address_subnet{$x}"] <> "") - $address .= "" . $_POST["address_subnet{$x}"]; - - /* Compress in details to a single key, data separated by pipes. - Pulling details here lets us only pull in details for valid - address entries, saving us from having to track which ones to - process later. */ - $final_address_detail = mb_convert_encoding($_POST["detail{$x}"],'HTML-ENTITIES','auto'); - if ($final_address_detail <> "") - $final_address_details .= $final_address_detail; - else { - $final_address_details .= "Entry added" . " "; - $final_address_details .= date('r'); - } - $final_address_details .= "||"; - $is_first++; - } - } - - if (!$input_errors) { - $w_list = array(); - /* post user input */ - $w_list['name'] = $_POST['name']; - $w_list['uuid'] = $whitelist_uuid; - $w_list['snortlisttype'] = $_POST['snortlisttype']; - $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; - $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; - $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; - $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; - $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; - - $w_list['address'] = $address; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $w_list['detail'] = $final_address_details; - - if (isset($id) && $a_whitelist[$id]) - $a_whitelist[$id] = $w_list; - else - $a_whitelist[] = $w_list; - - write_config(); - - /* create whitelist and homenet file then sync files */ - sync_snort_package_config(); - - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; - } else { - $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $pconfig['address'] = $address; - $pconfig['detail'] = $final_address_details; - } - -} - -$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid"; -include_once("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" > - -<?php -include("fbegin.inc"); -echo $snort_general_css; -?> -<script type="text/javascript" src="/javascript/row_helper.js"></script> - <input type='hidden' name='address_type' value='textbox' /> - <script type="text/javascript"> - - rowname[0] = "address"; - rowtype[0] = "textbox"; - rowsize[0] = "20"; - - rowname[1] = "detail"; - rowtype[1] = "textbox"; - rowsize[1] = "30"; -</script> - -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php if ($input_errors) print_input_errors($input_errors); ?> -<div id="inputerrors"></div> - -<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform"> -<?php - /* Display Alert message */ - if ($input_errors) - print_input_errors($input_errors); // TODO: add checks - - if ($savemsg) - print_info_box2($savemsg); - -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont"> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and - description of the file.</td> - </tr> - <tr> - <td valign="top" class="vncellreq2">Name</td> - <td class="vtable"><input name="name" type="text" id="name" - size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> - <span class="vexpl"> The list name may only consist of the - characters a-z, A-Z and 0-9. <span class="red">Note: </span> No - Spaces. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Description</td> - <td width="78%" class="vtable"><input name="descr" type="text" - id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> - <span class="vexpl"> You may enter a description here for your - reference (not parsed). </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">List Type</td> - <td width="78%" class="vtable"> - - <div - style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" - id="itemhelp"><strong>WHITELIST:</strong> This - list specifies addresses that Snort Package should not block.<br> - <br> - <strong>NETLIST:</strong> This list is for defining - addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div> - - <select name="snortlisttype" class="formfld" id="snortlisttype"> - <?php - $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST'); - foreach ($interfaces4 as $iface4 => $ifacename4): ?> - <option value="<?=$iface4;?>" - <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename4);?></option> - <?php endforeach; ?> - </select> <span class="vexpl"> Choose the type of - list you will like see in your <span class="red">Interface Edit Tab</span>. - </span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add auto generated - ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">WAN IPs</td> - <td width="78%" class="vtable"><input name="wanips" type="checkbox" - id="wanips" size="40" value="yes" - <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add WAN IPs to the list. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Wan Gateways</td> - <td width="78%" class="vtable"><input name="wangateips" - type="checkbox" id="wangateips" size="40" value="yes" - <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add WAN Gateways to the list. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Wan DNS servers</td> - <td width="78%" class="vtable"><input name="wandnsips" - type="checkbox" id="wandnsips" size="40" value="yes" - <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add WAN DNS servers to the list. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td> - <td width="78%" class="vtable"><input name="vips" type="checkbox" - id="vips" size="40" value="yes" - <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add Virtual IP Addresses to the list. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">VPNs</td> - <td width="78%" class="vtable"><input name="vpnips" type="checkbox" - id="vpnips" size="40" value="yes" - <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add VPN Addresses to the list. </span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add your own custom - ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2"> - <div id="addressnetworkport">IP or CIDR items</div> - </td> - <td width="78%" class="vtable"> - <table id="maintable"> - <tbody> - <tr> - <td colspan="4"> - <div - style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" - id="itemhelp">For <strong>WHITELIST's</strong> enter <strong>ONLY - IPs not CIDRs</strong>. Example: 192.168.4.1<br> - <br> - For <strong>NETLIST's</strong> you may enter <strong>IPs and - CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24</div> - </td> - </tr> - <tr> - <td> - <div id="onecolumn">IP or CIDR</div> - </td> - <td> - <div id="threecolumn">Add a Description or leave blank and a date - will be added.</div> - </td> - </tr> - - <?php - /* cleanup code */ - $counter = 0; - $address = $pconfig['address']; - if ($address <> ""): - $item = explode(" ", $address); - $item3 = explode("||", $pconfig['detail']); - foreach($item as $ww): - $address = $item[$counter]; - $item4 = $item3[$counter]; - ?> - <tr> - <td><input name="address<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="30" value="<?=htmlspecialchars($address);?>" /></td> - <td><input name="detail<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="50" value="<?=$item4;?>" /></td> - <td> - <?php echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; ?> - </td> - </tr> - <?php - $counter++; - - endforeach; endif; - ?> - </tbody> - </table> - <a onclick="javascript:addRowTo('maintable'); return false;" - href="#"><img border="0" - src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" - title="add another entry" /> </a></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> - <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> - <input name="id" type="hidden" value="<?=$id;?>" /> - </td> - </tr> - </table> - </td> - </tr> -</table> -</form> - -<script type="text/javascript"> - /* row and col adjust when you add extra entries */ - - field_counter_js = 3; - rows = 1; - totalrows = <?php echo $counter; ?>; - loaded = <?php echo $counter; ?>; - -</script> - -<?php include("fend.inc"); ?> -</body> -</html> +<?php
+/* $Id$ */
+/*
+ firewall_aliases_edit.php
+ Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+
+$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces_whitelist.php");
+ exit;
+}
+
+/* gen uuid for each iface !inportant */
+if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') {
+ $whitelist_uuid = 0;
+ while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) {
+ $whitelist_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $whitelist_uuid;
+ }
+} else if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') {
+ $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'];
+}
+
+$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty';
+
+/* returns true if $name is a valid name for a whitelist file name or ip */
+function is_validwhitelistname($name) {
+ if (!is_string($name))
+ return false;
+
+ if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
+ return true;
+
+ return false;
+}
+
+
+if (isset($id) && $a_whitelist[$id]) {
+
+ /* old settings */
+ $pconfig = array();
+ $pconfig['name'] = $a_whitelist[$id]['name'];
+ $pconfig['uuid'] = $a_whitelist[$id]['uuid'];
+ $pconfig['detail'] = $a_whitelist[$id]['detail'];
+ $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype'];
+ $pconfig['address'] = $a_whitelist[$id]['address'];
+ $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']);
+ $pconfig['wanips'] = $a_whitelist[$id]['wanips'];
+ $pconfig['wangateips'] = $a_whitelist[$id]['wangateips'];
+ $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips'];
+ $pconfig['vips'] = $a_whitelist[$id]['vips'];
+ $pconfig['vpnips'] = $a_whitelist[$id]['vpnips'];
+ $addresses = explode(' ', $pconfig['address']);
+ $address = explode(" ", $addresses[0]);
+}
+
+if ($_POST['submit']) {
+
+ conf_mount_rw();
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "name");
+ $reqdfieldsn = explode(",", "Name");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if(strtolower($_POST['name']) == "defaultwhitelist")
+ $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
+
+ $x = is_validwhitelistname($_POST['name']);
+ if (!isset($x)) {
+ $input_errors[] = "Reserved word used for whitelist file name.";
+ } else {
+ if (is_validwhitelistname($_POST['name']) == false)
+ $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
+ }
+
+ /* check for name conflicts */
+ foreach ($a_whitelist as $w_list) {
+ if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list))
+ continue;
+
+ if ($w_list['name'] == $_POST['name']) {
+ $input_errors[] = "A whitelist file name with this name already exists.";
+ break;
+ }
+ }
+
+ $isfirst = 0;
+ $address = "";
+ $final_address_details .= "";
+ /* add another entry code */
+ for($x=0; $x<499; $x++) {
+ if (!empty($_POST["address{$x}"])) {
+ if ($is_first > 0)
+ $address .= " ";
+ $address .= $_POST["address{$x}"];
+ if ($_POST["address_subnet{$x}"] <> "")
+ $address .= "" . $_POST["address_subnet{$x}"];
+
+ /* Compress in details to a single key, data separated by pipes.
+ Pulling details here lets us only pull in details for valid
+ address entries, saving us from having to track which ones to
+ process later. */
+ $final_address_detail = mb_convert_encoding($_POST["detail{$x}"],'HTML-ENTITIES','auto');
+ if ($final_address_detail <> "")
+ $final_address_details .= $final_address_detail;
+ else {
+ $final_address_details .= "Entry added" . " ";
+ $final_address_details .= date('r');
+ }
+ $final_address_details .= "||";
+ $is_first++;
+ }
+ }
+
+ if (!$input_errors) {
+ $w_list = array();
+ /* post user input */
+ $w_list['name'] = $_POST['name'];
+ $w_list['uuid'] = $whitelist_uuid;
+ $w_list['snortlisttype'] = $_POST['snortlisttype'];
+ $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
+ $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
+ $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
+ $w_list['vips'] = $_POST['vips']? 'yes' : 'no';
+ $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no';
+
+ $w_list['address'] = $address;
+ $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $w_list['detail'] = $final_address_details;
+
+ if (isset($id) && $a_whitelist[$id])
+ $a_whitelist[$id] = $w_list;
+ else
+ $a_whitelist[] = $w_list;
+
+ write_config();
+
+ /* create whitelist and homenet file then sync files */
+ sync_snort_package_config();
+
+ header("Location: /snort/snort_interfaces_whitelist.php");
+ exit;
+ } else {
+ $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $pconfig['address'] = $address;
+ $pconfig['detail'] = $final_address_details;
+ }
+
+}
+
+$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid";
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
+
+<?php
+include("fbegin.inc");
+echo $snort_general_css;
+?>
+<script type="text/javascript" src="/javascript/row_helper.js"></script>
+ <input type='hidden' name='address_type' value='textbox' />
+ <script type="text/javascript">
+
+ rowname[0] = "address";
+ rowtype[0] = "textbox";
+ rowsize[0] = "20";
+
+ rowname[1] = "detail";
+ rowtype[1] = "textbox";
+ rowsize[1] = "30";
+</script>
+
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<div id="inputerrors"></div>
+
+<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform">
+<?php
+ /* Display Alert message */
+ if ($input_errors)
+ print_input_errors($input_errors); // TODO: add checks
+
+ if ($savemsg)
+ print_info_box2($savemsg);
+
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont">
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add the name and
+ description of the file.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq2">Name</td>
+ <td class="vtable"><input name="name" type="text" id="name"
+ size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
+ <span class="vexpl"> The list name may only consist of the
+ characters a-z, A-Z and 0-9. <span class="red">Note: </span> No
+ Spaces. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Description</td>
+ <td width="78%" class="vtable"><input name="descr" type="text"
+ id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
+ <span class="vexpl"> You may enter a description here for your
+ reference (not parsed). </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">List Type</td>
+ <td width="78%" class="vtable">
+
+ <div
+ style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"
+ id="itemhelp"><strong>WHITELIST:</strong> This
+ list specifies addresses that Snort Package should not block.<br>
+ <br>
+ <strong>NETLIST:</strong> This list is for defining
+ addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div>
+
+ <select name="snortlisttype" class="formfld" id="snortlisttype">
+ <?php
+ $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST');
+ foreach ($interfaces4 as $iface4 => $ifacename4): ?>
+ <option value="<?=$iface4;?>"
+ <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename4);?></option>
+ <?php endforeach; ?>
+ </select> <span class="vexpl"> Choose the type of
+ list you will like see in your <span class="red">Interface Edit Tab</span>.
+ </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add auto generated
+ ips.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">WAN IPs</td>
+ <td width="78%" class="vtable"><input name="wanips" type="checkbox"
+ id="wanips" size="40" value="yes"
+ <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add WAN IPs to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Wan Gateways</td>
+ <td width="78%" class="vtable"><input name="wangateips"
+ type="checkbox" id="wangateips" size="40" value="yes"
+ <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add WAN Gateways to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Wan DNS servers</td>
+ <td width="78%" class="vtable"><input name="wandnsips"
+ type="checkbox" id="wandnsips" size="40" value="yes"
+ <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add WAN DNS servers to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td>
+ <td width="78%" class="vtable"><input name="vips" type="checkbox"
+ id="vips" size="40" value="yes"
+ <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add Virtual IP Addresses to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">VPNs</td>
+ <td width="78%" class="vtable"><input name="vpnips" type="checkbox"
+ id="vpnips" size="40" value="yes"
+ <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add VPN Addresses to the list. </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add your own custom
+ ips.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">
+ <div id="addressnetworkport">IP or CIDR items</div>
+ </td>
+ <td width="78%" class="vtable">
+ <table id="maintable">
+ <tbody>
+ <tr>
+ <td colspan="4">
+ <div
+ style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"
+ id="itemhelp">For <strong>WHITELIST's</strong> enter <strong>ONLY
+ IPs not CIDRs</strong>. Example: 192.168.4.1<br>
+ <br>
+ For <strong>NETLIST's</strong> you may enter <strong>IPs and
+ CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24</div>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="onecolumn">IP or CIDR</div>
+ </td>
+ <td>
+ <div id="threecolumn">Add a Description or leave blank and a date
+ will be added.</div>
+ </td>
+ </tr>
+
+ <?php
+ /* cleanup code */
+ $counter = 0;
+ $address = $pconfig['address'];
+ if ($address <> ""):
+ $item = explode(" ", $address);
+ $item3 = explode("||", $pconfig['detail']);
+ foreach($item as $ww):
+ $address = $item[$counter];
+ $item4 = $item3[$counter];
+ ?>
+ <tr>
+ <td><input name="address<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="30" value="<?=htmlspecialchars($address);?>" /></td>
+ <td><input name="detail<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="50" value="<?=$item4;?>" /></td>
+ <td>
+ <?php echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; ?>
+ </td>
+ </tr>
+ <?php
+ $counter++;
+
+ endforeach; endif;
+ ?>
+ </tbody>
+ </table>
+ <a onclick="javascript:addRowTo('maintable'); return false;"
+ href="#"><img border="0"
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt=""
+ title="add another entry" /> </a></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
+ <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" />
+ <input name="id" type="hidden" value="<?=$id;?>" />
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</form>
+
+<script type="text/javascript">
+ /* row and col adjust when you add extra entries */
+
+ field_counter_js = 3;
+ rows = 1;
+ totalrows = <?php echo $counter; ?>;
+ loaded = <?php echo $counter; ?>;
+
+</script>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php index 7f89d433..0faf4257 100644 --- a/config/snort-dev/snort_preprocessors.php +++ b/config/snort-dev/snort_preprocessors.php @@ -1,391 +1,391 @@ -<?php -/* $Id$ */ -/* - snort_preprocessors.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -$pconfig = array(); -if (isset($id) && $a_nat[$id]) { - $pconfig = $a_nat[$id]; - - /* new options */ - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; - $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs']; - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; -} - -/* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); -$snort_uuid = $pconfig['uuid']; - -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - -if ($_POST) { - - $natent = array(); - $natent = $pconfig; - - /* if no errors write to conf */ - if (!$input_errors) { - /* post new options */ - $natent['perform_stat'] = $_POST['perform_stat']; - if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; } - if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; } - if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; } - if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; } - - $natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off'; - $natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off'; - $natent['other_preprocs'] = $_POST['other_preprocs'] ? 'on' : 'off'; - $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? 'on' : 'off'; - $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? 'on' : 'off'; - $natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off'; - $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off'; - $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off'; - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - - $if_real = snort_get_real_interface($pconfig['interface']); - sync_snort_package_config(); - - /* after click go to this page */ - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: snort_preprocessors.php?id=$id"); - exit; - } -} - -$pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow"; -include_once("head.inc"); - -?> -<body - link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php -echo "{$snort_general_css}\n"; -?> - -<div class="body2"> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - - -<form action="snort_preprocessors.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"><?php - - /* Display Alert message */ - - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <?php - /* display error code if there is no id */ - if($id == "") - { - echo " - <style type=\"text/css\"> - .noid { - position:absolute; - top:10px; - left:0px; - width:94%; - background:#FCE9C0; - background-position: 15px; - border-top:2px solid #DBAC48; - border-bottom:2px solid #DBAC48; - padding: 15px 10px 85% 50px; - } - </style> - <div class=\"alert\" ALIGN=CENTER><img src=\"../themes/{$g['theme']}/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; - - } - ?> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note: - </strong></span><br> - Rules may be dependent on preprocessors!<br> - Defaults will be used when there is no user input.<br></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Performance - Statistics</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable</td> - <td width="78%" class="vtable"><input name="perform_stat" - type="checkbox" value="on" - <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> - onClick="enable_change(false)"> Performance Statistics for this - interface.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable</td> - <td width="78%" class="vtable"><input name="http_inspect" - type="checkbox" value="on" - <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> - onClick="enable_change(false)"> Use HTTP Inspect to - Normalize/Decode and detect HTTP traffic and protocol anomalies.</td> - </tr> - <tr> - <td valign="top" class="vncell2">HTTP server flow depth</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td><input name="flow_depth" type="text" class="formfld" - id="flow_depth" size="5" - value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> - to <strong>1460</strong> (<strong>-1</strong> disables HTTP - inspect, <strong>0</strong> enables all HTTP inspect)</td> - </tr> - </table> - Amount of HTTP server response payload to inspect. Snort's - performance may increase by adjusting this value.<br> - Setting this value too low may cause false negatives. Values above 0 - are specified in bytes. Default value is <strong>0</strong><br> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td> - </tr> - <tr> - <td valign="top" class="vncell2">Max Queued Bytes</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td><input name="max_queued_bytes" type="text" class="formfld" - id="max_queued_bytes" size="5" - value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>"> - Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> - ( default value is <strong>1048576</strong>, <strong>0</strong> - means Maximum )</td> - </tr> - </table> - The number of bytes to be queued for reassembly for TCP sessions in - memory. Default value is <strong>1048576</strong><br> - </td> - </tr> - <tr> - <td valign="top" class="vncell2">Max Queued Segs</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td><input name="max_queued_segs" type="text" class="formfld" - id="max_queued_segs" size="5" - value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>"> - Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> - ( default value is <strong>2621</strong>, <strong>0</strong> means - Maximum )</td> - </tr> - </table> - The number of segments to be queued for reassembly for TCP sessions - in memory. Default value is <strong>2621</strong><br> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">General Preprocessor - Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - RPC Decode and Back Orifice detector</td> - <td width="78%" class="vtable"><input name="other_preprocs" - type="checkbox" value="on" - <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Normalize/Decode RPC traffic and detects Back Orifice traffic on the - network.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - FTP and Telnet Normalizer</td> - <td width="78%" class="vtable"><input name="ftp_preprocessor" - type="checkbox" value="on" - <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - SMTP Normalizer</td> - <td width="78%" class="vtable"><input name="smtp_preprocessor" - type="checkbox" value="on" - <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - Portscan Detection</td> - <td width="78%" class="vtable"><input name="sf_portscan" - type="checkbox" value="on" - <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Detects various types of portscans and portsweeps.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - DCE/RPC2 Detection</td> - <td width="78%" class="vtable"><input name="dce_rpc_2" - type="checkbox" value="on" - <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC - traffic.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - DNS Detection</td> - <td width="78%" class="vtable"><input name="dns_preprocessor" - type="checkbox" value="on" - <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - The DNS preprocessor decodes DNS Response traffic and detects some - vulnerabilities.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td> - <td width="78%" class="vtable"><input name="def_ssl_ports_ignore" - type="text" class="formfld" id="def_ssl_ports_ignore" size="40" - value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br> - <span class="vexpl"> Encrypted traffic should be ignored by Snort - for both performance reasons and to reduce false positives.<br> - Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please - use spaces and not commas.</strong></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input name="id" type="hidden" value="<?=$id;?>"></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click Start. </td> - </tr> - </table> - -</table> -</form> - -</div> - - <?php include("fend.inc"); ?> -</body> -</html> +<?php
+/* $Id$ */
+/*
+ snort_preprocessors.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+$pconfig = array();
+if (isset($id) && $a_nat[$id]) {
+ $pconfig = $a_nat[$id];
+
+ /* new options */
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
+ $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+ $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
+ $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
+ $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
+ $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
+ $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
+ $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
+ $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
+}
+
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+$snort_uuid = $pconfig['uuid'];
+
+/* alert file */
+$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
+
+if ($_POST) {
+
+ $natent = array();
+ $natent = $pconfig;
+
+ /* if no errors write to conf */
+ if (!$input_errors) {
+ /* post new options */
+ $natent['perform_stat'] = $_POST['perform_stat'];
+ if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; }
+ if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; }
+ if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; }
+ if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; }
+
+ $natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off';
+ $natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off';
+ $natent['other_preprocs'] = $_POST['other_preprocs'] ? 'on' : 'off';
+ $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? 'on' : 'off';
+ $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? 'on' : 'off';
+ $natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off';
+ $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
+ $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
+
+ if (isset($id) && $a_nat[$id])
+ $a_nat[$id] = $natent;
+ else {
+ if (is_numeric($after))
+ array_splice($a_nat, $after+1, 0, array($natent));
+ else
+ $a_nat[] = $natent;
+ }
+
+ write_config();
+
+ $if_real = snort_get_real_interface($pconfig['interface']);
+ sync_snort_package_config();
+
+ /* after click go to this page */
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: snort_preprocessors.php?id=$id");
+ exit;
+ }
+}
+
+$pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow";
+include_once("head.inc");
+
+?>
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php include("fbegin.inc"); ?>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php
+echo "{$snort_general_css}\n";
+?>
+
+<div class="body2">
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+
+<form action="snort_preprocessors.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
+
+ /* Display Alert message */
+
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <?php
+ /* display error code if there is no id */
+ if($id == "")
+ {
+ echo "
+ <style type=\"text/css\">
+ .noid {
+ position:absolute;
+ top:10px;
+ left:0px;
+ width:94%;
+ background:#FCE9C0;
+ background-position: 15px;
+ border-top:2px solid #DBAC48;
+ border-bottom:2px solid #DBAC48;
+ padding: 15px 10px 85% 50px;
+ }
+ </style>
+ <div class=\"alert\" ALIGN=CENTER><img src=\"../themes/{$g['theme']}/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n";
+
+ }
+ ?>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:
+ </strong></span><br>
+ Rules may be dependent on preprocessors!<br>
+ Defaults will be used when there is no user input.<br></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Performance
+ Statistics</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable"><input name="perform_stat"
+ type="checkbox" value="on"
+ <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"> Performance Statistics for this
+ interface.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable"><input name="http_inspect"
+ type="checkbox" value="on"
+ <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"> Use HTTP Inspect to
+ Normalize/Decode and detect HTTP traffic and protocol anomalies.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">HTTP server flow depth</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="flow_depth" type="text" class="formfld"
+ id="flow_depth" size="5"
+ value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong>
+ to <strong>1460</strong> (<strong>-1</strong> disables HTTP
+ inspect, <strong>0</strong> enables all HTTP inspect)</td>
+ </tr>
+ </table>
+ Amount of HTTP server response payload to inspect. Snort's
+ performance may increase by adjusting this value.<br>
+ Setting this value too low may cause false negatives. Values above 0
+ are specified in bytes. Default value is <strong>0</strong><br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">Max Queued Bytes</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="max_queued_bytes" type="text" class="formfld"
+ id="max_queued_bytes" size="5"
+ value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>">
+ Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong>
+ ( default value is <strong>1048576</strong>, <strong>0</strong>
+ means Maximum )</td>
+ </tr>
+ </table>
+ The number of bytes to be queued for reassembly for TCP sessions in
+ memory. Default value is <strong>1048576</strong><br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">Max Queued Segs</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="max_queued_segs" type="text" class="formfld"
+ id="max_queued_segs" size="5"
+ value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>">
+ Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong>
+ ( default value is <strong>2621</strong>, <strong>0</strong> means
+ Maximum )</td>
+ </tr>
+ </table>
+ The number of segments to be queued for reassembly for TCP sessions
+ in memory. Default value is <strong>2621</strong><br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Preprocessor
+ Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ RPC Decode and Back Orifice detector</td>
+ <td width="78%" class="vtable"><input name="other_preprocs"
+ type="checkbox" value="on"
+ <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode RPC traffic and detects Back Orifice traffic on the
+ network.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ FTP and Telnet Normalizer</td>
+ <td width="78%" class="vtable"><input name="ftp_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ SMTP Normalizer</td>
+ <td width="78%" class="vtable"><input name="smtp_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ Portscan Detection</td>
+ <td width="78%" class="vtable"><input name="sf_portscan"
+ type="checkbox" value="on"
+ <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Detects various types of portscans and portsweeps.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ DCE/RPC2 Detection</td>
+ <td width="78%" class="vtable"><input name="dce_rpc_2"
+ type="checkbox" value="on"
+ <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC
+ traffic.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ DNS Detection</td>
+ <td width="78%" class="vtable"><input name="dns_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ The DNS preprocessor decodes DNS Response traffic and detects some
+ vulnerabilities.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td>
+ <td width="78%" class="vtable"><input name="def_ssl_ports_ignore"
+ type="text" class="formfld" id="def_ssl_ports_ignore" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br>
+ <span class="vexpl"> Encrypted traffic should be ignored by Snort
+ for both performance reasons and to reduce false positives.<br>
+ Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please
+ use spaces and not commas.</strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="id" type="hidden" value="<?=$id;?>"></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click Start. </td>
+ </tr>
+ </table>
+
+</table>
+</form>
+
+</div>
+
+ <?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php index 871eb39e..bfb9da81 100644 --- a/config/snort-dev/snort_rules.php +++ b/config/snort-dev/snort_rules.php @@ -1,458 +1,458 @@ -<?php -/* - snort_rules.php - Copyright (C) 2004, 2005 Scott Ullrich - Copyright (C) 2008, 2009 Robert Zelaya - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -if (isset($id) && $a_nat[$id]) { - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; -} - -/* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); -$iface_uuid = $a_nat[$id]['uuid']; - -/* Check if the rules dir is empy if so warn the user */ -/* TODO give the user the option to delete the installed rules rules */ -if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules")) - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"); - -$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); -if ($isrulesfolderempty == "") { - $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules"); - if ($isrulesfolderempty == "") { - include_once("head.inc"); - include_once("fbegin.inc"); - - echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; - - if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - - echo "<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n"; - - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); - echo "</td>\n - </tr>\n - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n - # The rules directory is empty.\n - </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n - </table>\n - \n - </form>\n - \n - <p>\n\n"; - - echo "Please click on the Update Rules tab to install your selected rule sets."; - include("fend.inc"); - - echo "</body>"; - echo "</html>"; - - exit(0); - } else { - /* Make sure that we have the rules */ - mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true); - } -} - -function get_middle($source, $beginning, $ending, $init_pos) { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; -} - -function write_rule_file($content_changed, $received_file) -{ - @file_put_contents($received_file, implode("\n", $content_changed)); -} - -function load_rule_file($incoming_file) -{ - //read file into string, and get filesize - $contents = @file_get_contents($incoming_file); - - //split the contents of the string file into an array using the delimiter - return explode("\n", $contents); -} - -$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; -//$ruledir = "/usr/local/etc/snort/rules/"; -$dh = opendir($ruledir); -while (false !== ($filename = readdir($dh))) -{ - //only populate this array if its a rule file - $isrulefile = strstr($filename, ".rules"); - if ($isrulefile !== false) - $files[] = basename($filename); -} -sort($files); - -if ($_GET['openruleset']) - $rulefile = $_GET['openruleset']; -else - $rulefile = $ruledir.$files[0]; - -//Load the rule file -$splitcontents = load_rule_file($rulefile); - -if ($_GET['act'] == "toggle" && $_GET['ids']) { - - $lineid= $_GET['ids']; - - //copy rule contents from array into string - $tempstring = $splitcontents[$lineid]; - - //explode rule contents into an array, (delimiter is space) - $rule_content = explode(' ', $tempstring); - - $findme = "# alert"; //find string for disabled alerts - $disabled = strstr($tempstring, $findme); - - //if find alert is false, then rule is disabled - if ($disabled !== false) { - //rule has been enabled - $tempstring = substr($tempstring, 2); - } else - $tempstring = "# ". $tempstring; - - //copy string into array for writing - $splitcontents[$lineid] = $tempstring; - - //write the new .rules file - write_rule_file($splitcontents, $rulefile); - - //write disable/enable sid to config.xml - $sid = get_middle($tempstring, 'sid:', ';', 0); - if (is_numeric($sid)) { - // rule_sid_on registers - if (!empty($a_nat[$id]['rule_sid_on'])) - $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']); - if (!empty($a_nat[$id]['rule_sid_on'])) - $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']); - if ($disabled === false) - $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; - else - $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on']; - } - - write_config(); - - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}"); - exit; -} - -$currentruleset = basename($rulefile); - -$ifname = strtoupper($pconfig['interface']); - -require_once("guiconfig.inc"); -include_once("head.inc"); - -$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset"; -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("fbegin.inc"); -if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - -echo "{$snort_general_css}\n"; -?> -<form action="snort_rules.php" method="post" name="iform" id="iform"> - -<script language="javascript" type="text/javascript"> -function go() -{ - var box = document.iform.selectbox; - destination = box.options[box.selectedIndex].value; - if (destination) - location.href = destination; -} -function popup(url) -{ - params = 'width='+screen.width; - params += ', height='+screen.height; - params += ', top=0, left=0' - params += ', fullscreen=yes'; - - newwin=window.open(url,'windowname4', params); - if (window.focus) {newwin.focus()} - return false; -} -</script> - -<table style="table-layout:fixed;" width="99%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td> - <div id="mainarea2"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="listt" colspan="8"> - <br>Category: - <select id="selectbox" name="selectbox" class="formfld" onChange="go()"> - <?php - foreach ($files as $value) { - echo "<option value='?id={$id}&openruleset={$ruledir}{$value}' "; - if ($value === $currentruleset) - echo "selected"; - echo ">{$value}</option>\n"; - } - ?> - </select> - </td> - </tr> - <tr id="frheader"> - <td width="3%" class="list"> </td> - <td width="5%" class="listhdr">SID</td> - <td width="6%" class="listhdrr">Proto</td> - <td width="15%" class="listhdrr">Source</td> - <td width="10%" class="listhdrr">Port</td> - <td width="15%" class="listhdrr">Destination</td> - <td width="10%" class="listhdrr">Port</td> - <td width="32%" class="listhdrr">Message</td> - </tr> - <?php - foreach ( $splitcontents as $counter => $value ) - { - $disabled = "False"; - $comments = "False"; - $findme = "# alert"; //find string for disabled alerts - $disabled_pos = strstr($value, $findme); - - $counter2 = 1; - $sid = get_middle($value, 'sid:', ';', 0); - //check to see if the sid is numberical - if (!is_numeric($sid)) - continue; - - //if find alert is false, then rule is disabled - if ($disabled_pos !== false){ - $counter2 = $counter2+1; - $textss = "<span class=\"gray\">"; - $textse = "</span>"; - $iconb = "icon_block_d.gif"; - - $ischecked = ""; - } else { - $textss = $textse = ""; - $iconb = "icon_block.gif"; - - $ischecked = "checked"; - } - - $rule_content = explode(' ', $value); - - $protocol = $rule_content[$counter2];//protocol location - $counter2++; - $source = substr($rule_content[$counter2], 0, 20) . "...";//source location - $counter2++; - $source_port = $rule_content[$counter2];//source port location - $counter2 = $counter2+2; - $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location - $counter2++; - $destination_port = $rule_content[$counter2];//destination port location - - if (strstr($value, 'msg: "')) - $message = get_middle($value, 'msg: "', '";', 0); - else if (strstr($value, 'msg:"')) - $message = get_middle($value, 'msg:"', '";', 0); - - echo "<tr><td class=\"listt\"> $textss\n"; - ?> - <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img - src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" - width="10" height="10" border="0" - title="click to toggle enabled/disabled status"></a> - <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> --> - <!-- TODO: add checkbox and save so that that disabling is nicer --> - <?php - echo "$textse - </td> - <td width='5%' class=\"listlr\"> - $textss - $sid - $textse - </td> - <td width='6%' class=\"listlr\"> - $textss - $protocol"; - echo "$textse - </td> - <td width='20%' class=\"listlr\"> - $textss - $source - $textse - </td> - <td width='5%' class=\"listlr\"> - $textss - $source_port - $textse - </td> - <td width='20%' class=\"listlr\"> - $textss - $destination - $textse - </td> - <td width='5%' class=\"listlr\"> - $textss - $destination_port - $textse - </td> - <td width='30%' class=\"listbg\"><font color=\"white\"> - $textss - $message - $textse - </td>"; - ?> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><a href="javascript: void(0)" - onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - title="edit rule" width="17" height="17" border="0"></a></td> - <!-- Codes by Quackit.com --> - </tr> - </table> - </td> - <?php - } - ?> - - </table> - </td> - </tr> - <tr> - <td class="listlr"> - <?php echo " <strong><span class='red'>There are {$counter} rules in this category. <br/><br/></span></strong>"; ?> - </td> - </tr> - <tr> - <td> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td width="16"><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" - width="11" height="11"></td> - <td>Rule Enabled</td> - </tr> - <tr> - <td><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" - width="11" height="11"></td> - <td nowrap>Rule Disabled</td> - </tr> - <tr> - <!-- TODO: add save and cancel for checkbox options --> - <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> --> - </tr> - <tr> - <td colspan="10"> - <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>--> - </td> - </tr> - </table> - </td> - </tr> - </table> - </td> -</tr> -</table> -</form> -<?php include("fend.inc"); ?> -</body> -</html> +<?php
+/*
+ snort_rules.php
+ Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2008, 2009 Robert Zelaya
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (isset($id) && $a_nat[$id]) {
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+}
+
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+$iface_uuid = $a_nat[$id]['uuid'];
+
+/* Check if the rules dir is empy if so warn the user */
+/* TODO give the user the option to delete the installed rules rules */
+if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"))
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules");
+
+$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
+if ($isrulesfolderempty == "") {
+ $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules");
+ if ($isrulesfolderempty == "") {
+ include_once("head.inc");
+ include_once("fbegin.inc");
+
+ echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+
+ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
+
+ echo "<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n";
+
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+ echo "</td>\n
+ </tr>\n
+ <tr>\n
+ <td>\n
+ <div id=\"mainarea\">\n
+ <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n
+ # The rules directory is empty.\n
+ </td>\n
+ </tr>\n
+ </table>\n
+ </div>\n
+ </td>\n
+ </tr>\n
+ </table>\n
+ \n
+ </form>\n
+ \n
+ <p>\n\n";
+
+ echo "Please click on the Update Rules tab to install your selected rule sets.";
+ include("fend.inc");
+
+ echo "</body>";
+ echo "</html>";
+
+ exit(0);
+ } else {
+ /* Make sure that we have the rules */
+ mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true);
+ }
+}
+
+function get_middle($source, $beginning, $ending, $init_pos) {
+ $beginning_pos = strpos($source, $beginning, $init_pos);
+ $middle_pos = $beginning_pos + strlen($beginning);
+ $ending_pos = strpos($source, $ending, $beginning_pos);
+ $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
+ return $middle;
+}
+
+function write_rule_file($content_changed, $received_file)
+{
+ @file_put_contents($received_file, implode("\n", $content_changed));
+}
+
+function load_rule_file($incoming_file)
+{
+ //read file into string, and get filesize
+ $contents = @file_get_contents($incoming_file);
+
+ //split the contents of the string file into an array using the delimiter
+ return explode("\n", $contents);
+}
+
+$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
+//$ruledir = "/usr/local/etc/snort/rules/";
+$dh = opendir($ruledir);
+while (false !== ($filename = readdir($dh)))
+{
+ //only populate this array if its a rule file
+ $isrulefile = strstr($filename, ".rules");
+ if ($isrulefile !== false)
+ $files[] = basename($filename);
+}
+sort($files);
+
+if ($_GET['openruleset'])
+ $rulefile = $_GET['openruleset'];
+else
+ $rulefile = $ruledir.$files[0];
+
+//Load the rule file
+$splitcontents = load_rule_file($rulefile);
+
+if ($_GET['act'] == "toggle" && $_GET['ids']) {
+
+ $lineid= $_GET['ids'];
+
+ //copy rule contents from array into string
+ $tempstring = $splitcontents[$lineid];
+
+ //explode rule contents into an array, (delimiter is space)
+ $rule_content = explode(' ', $tempstring);
+
+ $findme = "# alert"; //find string for disabled alerts
+ $disabled = strstr($tempstring, $findme);
+
+ //if find alert is false, then rule is disabled
+ if ($disabled !== false) {
+ //rule has been enabled
+ $tempstring = substr($tempstring, 2);
+ } else
+ $tempstring = "# ". $tempstring;
+
+ //copy string into array for writing
+ $splitcontents[$lineid] = $tempstring;
+
+ //write the new .rules file
+ write_rule_file($splitcontents, $rulefile);
+
+ //write disable/enable sid to config.xml
+ $sid = get_middle($tempstring, 'sid:', ';', 0);
+ if (is_numeric($sid)) {
+ // rule_sid_on registers
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']);
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']);
+ if ($disabled === false)
+ $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off'];
+ else
+ $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on'];
+ }
+
+ write_config();
+
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}");
+ exit;
+}
+
+$currentruleset = basename($rulefile);
+
+$ifname = strtoupper($pconfig['interface']);
+
+require_once("guiconfig.inc");
+include_once("head.inc");
+
+$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset";
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php
+include("fbegin.inc");
+if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
+
+echo "{$snort_general_css}\n";
+?>
+<form action="snort_rules.php" method="post" name="iform" id="iform">
+
+<script language="javascript" type="text/javascript">
+function go()
+{
+ var box = document.iform.selectbox;
+ destination = box.options[box.selectedIndex].value;
+ if (destination)
+ location.href = destination;
+}
+function popup(url)
+{
+ params = 'width='+screen.width;
+ params += ', height='+screen.height;
+ params += ', top=0, left=0'
+ params += ', fullscreen=yes';
+
+ newwin=window.open(url,'windowname4', params);
+ if (window.focus) {newwin.focus()}
+ return false;
+}
+</script>
+
+<table style="table-layout:fixed;" width="99%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
+ <div id="mainarea2">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listt" colspan="8">
+ <br>Category:
+ <select id="selectbox" name="selectbox" class="formfld" onChange="go()">
+ <?php
+ foreach ($files as $value) {
+ echo "<option value='?id={$id}&openruleset={$ruledir}{$value}' ";
+ if ($value === $currentruleset)
+ echo "selected";
+ echo ">{$value}</option>\n";
+ }
+ ?>
+ </select>
+ </td>
+ </tr>
+ <tr id="frheader">
+ <td width="3%" class="list"> </td>
+ <td width="5%" class="listhdr">SID</td>
+ <td width="6%" class="listhdrr">Proto</td>
+ <td width="15%" class="listhdrr">Source</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="15%" class="listhdrr">Destination</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="32%" class="listhdrr">Message</td>
+ </tr>
+ <?php
+ foreach ( $splitcontents as $counter => $value )
+ {
+ $disabled = "False";
+ $comments = "False";
+ $findme = "# alert"; //find string for disabled alerts
+ $disabled_pos = strstr($value, $findme);
+
+ $counter2 = 1;
+ $sid = get_middle($value, 'sid:', ';', 0);
+ //check to see if the sid is numberical
+ if (!is_numeric($sid))
+ continue;
+
+ //if find alert is false, then rule is disabled
+ if ($disabled_pos !== false){
+ $counter2 = $counter2+1;
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $iconb = "icon_block_d.gif";
+
+ $ischecked = "";
+ } else {
+ $textss = $textse = "";
+ $iconb = "icon_block.gif";
+
+ $ischecked = "checked";
+ }
+
+ $rule_content = explode(' ', $value);
+
+ $protocol = $rule_content[$counter2];//protocol location
+ $counter2++;
+ $source = substr($rule_content[$counter2], 0, 20) . "...";//source location
+ $counter2++;
+ $source_port = $rule_content[$counter2];//source port location
+ $counter2 = $counter2+2;
+ $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location
+ $counter2++;
+ $destination_port = $rule_content[$counter2];//destination port location
+
+ if (strstr($value, 'msg: "'))
+ $message = get_middle($value, 'msg: "', '";', 0);
+ else if (strstr($value, 'msg:"'))
+ $message = get_middle($value, 'msg:"', '";', 0);
+
+ echo "<tr><td class=\"listt\"> $textss\n";
+ ?>
+ <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>"
+ width="10" height="10" border="0"
+ title="click to toggle enabled/disabled status"></a>
+ <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> -->
+ <!-- TODO: add checkbox and save so that that disabling is nicer -->
+ <?php
+ echo "$textse
+ </td>
+ <td width='5%' class=\"listlr\">
+ $textss
+ $sid
+ $textse
+ </td>
+ <td width='6%' class=\"listlr\">
+ $textss
+ $protocol";
+ echo "$textse
+ </td>
+ <td width='20%' class=\"listlr\">
+ $textss
+ $source
+ $textse
+ </td>
+ <td width='5%' class=\"listlr\">
+ $textss
+ $source_port
+ $textse
+ </td>
+ <td width='20%' class=\"listlr\">
+ $textss
+ $destination
+ $textse
+ </td>
+ <td width='5%' class=\"listlr\">
+ $textss
+ $destination_port
+ $textse
+ </td>
+ <td width='30%' class=\"listbg\"><font color=\"white\">
+ $textss
+ $message
+ $textse
+ </td>";
+ ?>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><a href="javascript: void(0)"
+ onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ title="edit rule" width="17" height="17" border="0"></a></td>
+ <!-- Codes by Quackit.com -->
+ </tr>
+ </table>
+ </td>
+ <?php
+ }
+ ?>
+
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td class="listlr">
+ <?php echo " <strong><span class='red'>There are {$counter} rules in this category. <br/><br/></span></strong>"; ?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td width="16"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
+ width="11" height="11"></td>
+ <td>Rule Enabled</td>
+ </tr>
+ <tr>
+ <td><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif"
+ width="11" height="11"></td>
+ <td nowrap>Rule Disabled</td>
+ </tr>
+ <tr>
+ <!-- TODO: add save and cancel for checkbox options -->
+ <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> -->
+ </tr>
+ <tr>
+ <td colspan="10">
+ <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>-->
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_rules_edit.php b/config/snort-dev/snort_rules_edit.php index 330630f4..6edc88c2 100644 --- a/config/snort-dev/snort_rules_edit.php +++ b/config/snort-dev/snort_rules_edit.php @@ -1,188 +1,188 @@ -<?php -/* - snort_rules_edit.php - Copyright (C) 2004, 2005 Scott Ullrich - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Adapted for FreeNAS by Volker Theile (votdev@gmx.de) - Copyright (C) 2006-2009 Volker Theile - - Adapted for Pfsense Snort package by Robert Zelaya - Copyright (C) 2008-2009 Robert Zelaya - - Using dp.SyntaxHighlighter for syntax highlighting - http://www.dreamprojections.com/SyntaxHighlighter - Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -$ids = $_GET['ids']; -if (isset($_POST['ids'])) - $ids = $_POST['ids']; - -if (isset($id) && $a_nat[$id]) { - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; -} - -//get rule id -$lineid = $_GET['ids']; -if (isset($_POST['ids'])) - $lineid = $_POST['ids']; - -$file = $_GET['openruleset']; -if (isset($_POST['openruleset'])) - $file = $_POST['openruleset']; - -//read file into string, and get filesize also chk for empty files -$contents = ''; -if (filesize($file) > 0 ) - $contents = file_get_contents($file); - -//delimiter for each new rule is a new line -$delimiter = "\n"; - -//split the contents of the string file into an array using the delimiter -$splitcontents = explode($delimiter, $contents); -$findme = "# alert"; //find string for disabled alerts -$highlight = "yes"; -if (strstr($splitcontents[$lineid], $findme)) - $highlight = "no"; -if ($highlight == "no") - $splitcontents[$lineid] = substr($splitcontents[$lineid], 2); - -if (!function_exists('get_middle')) { - function get_middle($source, $beginning, $ending, $init_pos) { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; - } -} - -if ($_POST) { - if ($_POST['save']) { - - //copy string into file array for writing - if ($_POST['highlight'] == "yes") - $splitcontents[$lineid] = $_POST['code']; - else - $splitcontents[$lineid] = "# " . $_POST['code']; - - //write disable/enable sid to config.xml - $sid = get_middle($splitcontents[$lineid], 'sid:', ';', 0); - if (is_numeric($sid)) { - // rule_sid_on registers - if (!empty($a_nat[$id]['rule_sid_on'])) - $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']); - if (!empty($a_nat[$id]['rule_sid_on'])) - $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']); - if ($_POST['highlight'] == "yes") - $a_nat[$id]['rule_sid_on'] = "||enablesid $sid" . $a_nat[$id]['rule_sid_on']; - else - $a_nat[$id]['rule_sid_off'] = "||disablesid $sid" . $a_nat[$id]['rule_sid_off']; - } - - //write the new .rules file - @file_put_contents($file, implode($delimiter, $splitcontents)); - - write_config(); - - echo "<script> opener.window.location.reload(); window.close(); </script>"; - exit; - } -} - -$pgtitle = array(gettext("Advanced"), gettext("File Editor")); - -?> - -<?php include("head.inc");?> - -<body link="#000000" vlink="#000000" alink="#000000"> -<form action="snort_rules_edit.php" method="post"> - <?php if ($savemsg) print_info_box($savemsg); ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr> - <td class="tabcont"> - - - <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> - <tr> - <td> - <input name="save" type="submit" class="formbtn" id="save" value="save" /> - <input type='hidden' name='id' value='<?=$id;?>' /> - <input type='hidden' name='ids' value='<?=$ids;?>' /> - <input type='hidden' name='openruleset' value='<?=$file;?>' /> - <input type="button" class="formbtn" value="Cancel" onclick="window.close()"> - <hr noshade="noshade" /> - Disable original rule :<br/> - - <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> /> - <label for="highlighting_enabled"><?=gettext("Enabled");?> </label> - <input id="highlighting_disabled" name="highlight2" type="radio" value="no" <?php if($highlight == "no") echo " checked=\"checked\""; ?> /> - <label for="highlighting_disabled"> <?=gettext("Disabled");?></label> - </td> - </tr> - <tr> - <td valign="top" class="label"> - <textarea wrap="off" style="width: 98%; margin: 7px;" - class="<?php echo $language; ?>:showcolumns" rows="3" - cols="66" name="code"><?=$splitcontents[$lineid];?></textarea> - </div> - </td> - </tr> - <tr> - <td valign="top" class="label"> - <div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea disabled - wrap="off" style="width: 98%; margin: 7px;" - class="<?php echo $language; ?>:showcolumns" rows="33" - cols="66" name="code2"><?=$contents;?></textarea> - </div> - </td> - </tr> - </table> - </td> -</tr> -</table> -</form> -<?php include("fend.inc");?> -</body> -</html> +<?php
+/*
+ snort_rules_edit.php
+ Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
+ Copyright (C) 2006-2009 Volker Theile
+
+ Adapted for Pfsense Snort package by Robert Zelaya
+ Copyright (C) 2008-2009 Robert Zelaya
+
+ Using dp.SyntaxHighlighter for syntax highlighting
+ http://www.dreamprojections.com/SyntaxHighlighter
+ Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+$ids = $_GET['ids'];
+if (isset($_POST['ids']))
+ $ids = $_POST['ids'];
+
+if (isset($id) && $a_nat[$id]) {
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+}
+
+//get rule id
+$lineid = $_GET['ids'];
+if (isset($_POST['ids']))
+ $lineid = $_POST['ids'];
+
+$file = $_GET['openruleset'];
+if (isset($_POST['openruleset']))
+ $file = $_POST['openruleset'];
+
+//read file into string, and get filesize also chk for empty files
+$contents = '';
+if (filesize($file) > 0 )
+ $contents = file_get_contents($file);
+
+//delimiter for each new rule is a new line
+$delimiter = "\n";
+
+//split the contents of the string file into an array using the delimiter
+$splitcontents = explode($delimiter, $contents);
+$findme = "# alert"; //find string for disabled alerts
+$highlight = "yes";
+if (strstr($splitcontents[$lineid], $findme))
+ $highlight = "no";
+if ($highlight == "no")
+ $splitcontents[$lineid] = substr($splitcontents[$lineid], 2);
+
+if (!function_exists('get_middle')) {
+ function get_middle($source, $beginning, $ending, $init_pos) {
+ $beginning_pos = strpos($source, $beginning, $init_pos);
+ $middle_pos = $beginning_pos + strlen($beginning);
+ $ending_pos = strpos($source, $ending, $beginning_pos);
+ $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
+ return $middle;
+ }
+}
+
+if ($_POST) {
+ if ($_POST['save']) {
+
+ //copy string into file array for writing
+ if ($_POST['highlight'] == "yes")
+ $splitcontents[$lineid] = $_POST['code'];
+ else
+ $splitcontents[$lineid] = "# " . $_POST['code'];
+
+ //write disable/enable sid to config.xml
+ $sid = get_middle($splitcontents[$lineid], 'sid:', ';', 0);
+ if (is_numeric($sid)) {
+ // rule_sid_on registers
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']);
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']);
+ if ($_POST['highlight'] == "yes")
+ $a_nat[$id]['rule_sid_on'] = "||enablesid $sid" . $a_nat[$id]['rule_sid_on'];
+ else
+ $a_nat[$id]['rule_sid_off'] = "||disablesid $sid" . $a_nat[$id]['rule_sid_off'];
+ }
+
+ //write the new .rules file
+ @file_put_contents($file, implode($delimiter, $splitcontents));
+
+ write_config();
+
+ echo "<script> opener.window.location.reload(); window.close(); </script>";
+ exit;
+ }
+}
+
+$pgtitle = array(gettext("Advanced"), gettext("File Editor"));
+
+?>
+
+<?php include("head.inc");?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+<form action="snort_rules_edit.php" method="post">
+ <?php if ($savemsg) print_info_box($savemsg); ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+ <td class="tabcont">
+
+
+ <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee">
+ <tr>
+ <td>
+ <input name="save" type="submit" class="formbtn" id="save" value="save" />
+ <input type='hidden' name='id' value='<?=$id;?>' />
+ <input type='hidden' name='ids' value='<?=$ids;?>' />
+ <input type='hidden' name='openruleset' value='<?=$file;?>' />
+ <input type="button" class="formbtn" value="Cancel" onclick="window.close()">
+ <hr noshade="noshade" />
+ Disable original rule :<br/>
+
+ <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> />
+ <label for="highlighting_enabled"><?=gettext("Enabled");?> </label>
+ <input id="highlighting_disabled" name="highlight2" type="radio" value="no" <?php if($highlight == "no") echo " checked=\"checked\""; ?> />
+ <label for="highlighting_disabled"> <?=gettext("Disabled");?></label>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="label">
+ <textarea wrap="off" style="width: 98%; margin: 7px;"
+ class="<?php echo $language; ?>:showcolumns" rows="3"
+ cols="66" name="code"><?=$splitcontents[$lineid];?></textarea>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="label">
+ <div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
+ <textarea disabled
+ wrap="off" style="width: 98%; margin: 7px;"
+ class="<?php echo $language; ?>:showcolumns" rows="33"
+ cols="66" name="code2"><?=$contents;?></textarea>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+</form>
+<?php include("fend.inc");?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php index 313daea2..3d55f773 100644 --- a/config/snort-dev/snort_rulesets.php +++ b/config/snort-dev/snort_rulesets.php @@ -1,313 +1,313 @@ -<?php -/* $Id$ */ -/* - snort_rulesets.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -if (isset($id) && $a_nat[$id]) { - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - - /* convert fake interfaces to real */ - $if_real = snort_get_real_interface($pconfig['interface']); - - $iface_uuid = $a_nat[$id]['uuid']; -} - -$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories"; - - -/* Check if the rules dir is empy if so warn the user */ -/* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); -if ($isrulesfolderempty == "") { - $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules"); - if ($isrulesfolderempty == "") { - include_once("head.inc"); - include("fbegin.inc"); - - echo "<p class=\"pgtitle\">"; - if($pfsense_stable == 'yes'){echo $pgtitle;} - echo "</p>\n"; - - echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; - - echo " - <table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr><td>\n"; - - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); - echo " - </td></tr> - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n - # The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n - </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n - </table>\n - \n - </form>\n - \n - <p>\n\n"; - - echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty"; - include("fend.inc"); - - echo "</body>"; - echo "</html>"; - - exit(0); - } else { - /* Make sure that we have the rules */ - mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true); - } -} - -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty"; -if ($_POST["Submit"]) { - $enabled_items = ""; - $isfirst = true; - if (is_array($_POST['toenable'])) - $enabled_items = implode("||", $_POST['toenable']); - else - $enabled_items = $_POST['toenable']; - $a_nat[$id]['rulesets'] = $enabled_items; - - write_config(); - sync_snort_package_config(); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_rulesets.php?id=$id"); - exit; -} - -$enabled_rulesets = $a_nat[$id]['rulesets']; -if($enabled_rulesets) - $enabled_rulesets_array = split("\|\|", $enabled_rulesets); - -include_once("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php -echo "{$snort_general_css}\n"; -?> - -<div class="body2"> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - -<?php - -echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; - -?> <?php - -/* Display message */ - -if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks -} - -if ($savemsg) { - print_info_box2($savemsg); -} - -if (file_exists($d_snortconfdirty_path)) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } -} - -?> - -<table width="99%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> - <tr> - <td> - <div id="mainarea2"> - <table id="maintable" class="tabcont" width="100%" border="0" - cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" - cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="listhdrr">Enabled</td> - <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on 64 bit architectures.';}?></td> - <!-- <td class="listhdrr">Description</td> --> - </tr> - <?php - $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; - $dh = opendir($dir); - while (false !== ($filename = readdir($dh))) { - $files[] = basename($filename); - } - sort($files); - foreach($files as $file) { - if(!stristr($file, ".rules")) - continue; - echo "<tr>\n"; - echo "<td align=\"center\" valign=\"top\">"; - if(is_array($enabled_rulesets_array)) - if(in_array($file, $enabled_rulesets_array)) { - $CHECKED = " checked=\"checked\""; - } else { - $CHECKED = ""; - } - else - $CHECKED = ""; - echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; - echo "</td>\n"; - echo "<td>\n"; - echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n"; - echo "</td>\n</tr>\n\n"; - //echo "<td>"; - //echo "description"; - //echo "</td>"; - } - - ?> - </table> - </td> - </tr> - <tr> - <td> </td> - </tr> - <tr> - <td>Check the rulesets that you would like Snort to load at startup.</td> - </tr> - <tr> - <td> </td> - </tr> - <tr> - <td><input value="Save" type="submit" name="Submit" id="Submit" /></td> - </tr> - </table> - </div> - </td> - </tr> -</table> - -</form> - -<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.</p> - -</div> - -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - -</body> -</html> +<?php
+/* $Id$ */
+/*
+ snort_rulesets.php
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (isset($id) && $a_nat[$id]) {
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+
+ /* convert fake interfaces to real */
+ $if_real = snort_get_real_interface($pconfig['interface']);
+
+ $iface_uuid = $a_nat[$id]['uuid'];
+}
+
+$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories";
+
+
+/* Check if the rules dir is empy if so warn the user */
+/* TODO give the user the option to delete the installed rules rules */
+$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
+if ($isrulesfolderempty == "") {
+ $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules");
+ if ($isrulesfolderempty == "") {
+ include_once("head.inc");
+ include("fbegin.inc");
+
+ echo "<p class=\"pgtitle\">";
+ if($pfsense_stable == 'yes'){echo $pgtitle;}
+ echo "</p>\n";
+
+ echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+
+ echo "
+ <table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr><td>\n";
+
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+ echo "
+ </td></tr>
+ <tr>\n
+ <td>\n
+ <div id=\"mainarea\">\n
+ <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n
+ # The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n
+ </td>\n
+ </tr>\n
+ </table>\n
+ </div>\n
+ </td>\n
+ </tr>\n
+ </table>\n
+ \n
+ </form>\n
+ \n
+ <p>\n\n";
+
+ echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty";
+ include("fend.inc");
+
+ echo "</body>";
+ echo "</html>";
+
+ exit(0);
+ } else {
+ /* Make sure that we have the rules */
+ mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true);
+ }
+}
+
+/* alert file */
+$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty";
+if ($_POST["Submit"]) {
+ $enabled_items = "";
+ $isfirst = true;
+ if (is_array($_POST['toenable']))
+ $enabled_items = implode("||", $_POST['toenable']);
+ else
+ $enabled_items = $_POST['toenable'];
+ $a_nat[$id]['rulesets'] = $enabled_items;
+
+ write_config();
+ sync_snort_package_config();
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_rulesets.php?id=$id");
+ exit;
+}
+
+$enabled_rulesets = $a_nat[$id]['rulesets'];
+if($enabled_rulesets)
+ $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php include("fbegin.inc"); ?>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php
+echo "{$snort_general_css}\n";
+?>
+
+<div class="body2">
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+<?php
+
+echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">";
+
+?> <?php
+
+/* Display message */
+
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+
+if ($savemsg) {
+ print_info_box2($savemsg);
+}
+
+if (file_exists($d_snortconfdirty_path)) {
+ echo '<p>';
+
+ if($savemsg) {
+ print_info_box_np2("{$savemsg}");
+ }else{
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+}
+
+?>
+
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+ <tr>
+ <td>
+ <div id="mainarea2">
+ <table id="maintable" class="tabcont" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="sortabletable1" class="sortable" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="listhdrr">Enabled</td>
+ <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on 64 bit architectures.';}?></td>
+ <!-- <td class="listhdrr">Description</td> -->
+ </tr>
+ <?php
+ $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
+ $dh = opendir($dir);
+ while (false !== ($filename = readdir($dh))) {
+ $files[] = basename($filename);
+ }
+ sort($files);
+ foreach($files as $file) {
+ if(!stristr($file, ".rules"))
+ continue;
+ echo "<tr>\n";
+ echo "<td align=\"center\" valign=\"top\">";
+ if(is_array($enabled_rulesets_array))
+ if(in_array($file, $enabled_rulesets_array)) {
+ $CHECKED = " checked=\"checked\"";
+ } else {
+ $CHECKED = "";
+ }
+ else
+ $CHECKED = "";
+ echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n";
+ echo "</td>\n";
+ echo "<td>\n";
+ echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n";
+ echo "</td>\n</tr>\n\n";
+ //echo "<td>";
+ //echo "description";
+ //echo "</td>";
+ }
+
+ ?>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td> </td>
+ </tr>
+ <tr>
+ <td>Check the rulesets that you would like Snort to load at startup.</td>
+ </tr>
+ <tr>
+ <td> </td>
+ </tr>
+ <tr>
+ <td><input value="Save" type="submit" name="Submit" id="Submit" /></td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+
+</form>
+
+<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.</p>
+
+</div>
+
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+</body>
+</html>
|